Fortinet Discovers IBM InfoSphere Data Architect Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting vulnerability in IBM InfoSphere Data Architect.
IBM InfoSphere Data Architect is a collaborative data design solution. It enables users to discover, model, relate, standardize and integrate diverse and distributed data assets throughout their enterprise. It includes support for column-organized tables and can offer a better understanding of current data assets to help increase efficiency and reduce time to market.
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in InfoSphere Data Architect. This vulnerability is caused by improper validation of user-supplied input. A victim only needs to click a specially crafted URL for the injected script code to execute in their web browser within the security context of the hosting website. Attackers could exploit this vulnerability to steal victims' cookie-based authentication credentials, redirect victims to malicious websites, etc.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Dec 07, 2015
Authentication is not required to successfully exploit this vulnerability.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.