Intrusion Prevention

IBM.Lotus.Protector.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting vulnerability in IBM Lotus Protector.
The vulnerability is a result of the application's failure to properly sanitize user input before using it. It allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credential disclosure within a trusted session.

Affected Products

Lotus Protector for Mail Security v2.8.0.0 to 2.8.1.0

Impact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www-01.ibm.com/support/docview.wss?uid=swg21985280

CVE References

CVE-2016-2991