Fortinet Discovers IBM WebSphere Business Modeler Cross Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross Site Scripting vulnerability in IBM WebSphere Business Modeler.
WebSphere Business Modeler is a business process modeling and analysis tool. Business users are able to generate process modeling, simulation, and analysis to help them to understand, document, and deploy business processes better.
A reflected Cross Site Scripting vulnerability exists in WebSphere Business Modeler. This vulnerability is caused by improper validation of user-supplied input. Victims just need to click a specially-crafted URL to execute injected script code in his/her Web browser within the security context of the hosting website. Attackers could exploit this vulnerability to steal the victims' cookie-based authentication credentials, redirect the victims to malicious websites, etc.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Apr 27, 2016
FortiWeb can cover this specific vulnerability with following signatures:
Cross Site Scripting 010000000
Cross Site Scripting (Extended) 020000000
Users should apply the solution provided by IBM.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.