SB2016080803 - Multiple vulnerabilities in IBM Rational Publishing Engine

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Arbitrary file upload (CVE-ID: CVE-2016-2914)

The vulnerability allows a remote authenticated user to manipulate or delete data.

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.

2) Cross-site scripting (CVE-ID: CVE-2016-2912)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://www.securityfocus.com/bid/92334
• http://www-01.ibm.com/support/docview.wss?uid=swg21988263
• http://www.securityfocus.com/bid/92335