Executive Summary

Summary
Title Attachmate Reflection for the Web cross site scripting vulnerability
Informations
Name VU#889047 First vendor Publication 2010-11-01
Vendor VU-CERT Last vendor Modification 2010-11-01
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#889047

Attachmate Reflection for the Web cross site scripting vulnerability

Overview

Attachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability.

I. Description

The following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability.
  • Reflection for the Web 2008 R2 builds 10.1.569 and earlier
  • Reflection for the Web 2008 R1
  • Reflection for the Web 9.6 and earlier
Additional details are available in Attachmate's Technical Note 1704.

II. Impact

An attacker may execute arbitrary script in the security context of the web user. The attacker would need to induce the user to voluntarily interact with the attack mechanism.

III. Solution

Apply an update

Attachmate recommends all users upgrade to Reflection for the Web 2008 R2 build 10.1.570 or higher.

Vendor Information

VendorStatusDate NotifiedDate Updated
AttachmateAffected2010-11-01

References

http://support.attachmate.com/techdocs/1704.html

Credit

Thanks to Ed Munoz of Attachmate for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2010-11-01
Date First Published:2010-11-01
Date Last Updated:2010-11-01
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:0.00
Document Revision:12

Original Source

Url : http://www.kb.cert.org/vuls/id/889047