Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Ibm
  • Rational Software Architect
  • Rational Application Developer For Websphere

Configuration 1 [-]

OR cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_application_developer_for_websphere:7.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_software_architect:7.0.0.9:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/37442 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27012378 Patch
http://www-01.ibm.com/support/docview.wss?uid=swg27012558 Patch
http://www.osvdb.org/60319
http://www.securityfocus.com/bid/37083
https://exchange.xforce.ibmcloud.com/vulnerabilities/54360
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-11-23T17:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-11-23T00:00:00

Link: CVE-2009-4052

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-11-23T17:30:00.750

Modified: 2017-08-17T01:31:24.507

Link: CVE-2009-4052

JSON object: View

cve-icon Redhat Information

No data.

CWE