You are here

U-198: IBM Lotus Expeditor Multiple Vulnerabilities

June 25, 2012 - 7:00am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in IBM Lotus Expeditor.

PLATFORM:

IBM Lotus Expeditor 6.x

ABSTRACT:

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system..

Reference Links:

Vendor Advisory
Secunia ID 49624
CVE-2008-7271, CVE-2010-4647
CVE-2012-0186, CVE-2012-0187
CVE-2012-0191

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities have been reported in IBM Lotus Expeditor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) Input passed to unspecified parameters within the Eclipse help component is not properly verified before being used to read files. This can be exploited to disclose arbitrary files from local resources via directory traversal attacks.

2) An error in the Web Container within the access control mechanism when processing unspecified request headers can be exploited to spoof a header making it appear to be originating from a trusted location (e.g. localhost).

3) The application loads unspecified libraries in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening an unspecified file located on a remote WebDAV or SMB share.

Successful exploitation of this vulnerability allows execution of arbitrary code.

4) Some cross-site scripting vulnerabilities exist within the bundled Eclipse Help Server.

5) Input passed via the "searchWord" parameter to searchView.jsp and the "workingSet" parameter to workingSetManager.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of the bundled Help Server site.

Impact:

Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access from remote

Solution:

All vulnerabilities are resolved by IBM Lotus Expeditor 6.2 FP5+Security Pack.

Addthis