search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Attachmate Reflection for the Web cross site scripting vulnerability

Vulnerability Note VU#889047

Original Release Date: 2010-11-01 | Last Revised: 2010-11-01

Overview

Attachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability.

Description

The following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability.

    • Reflection for the Web 2008 R2 builds 10.1.569 and earlier
    • Reflection for the Web 2008 R1
    • Reflection for the Web 9.6 and earlier
Additional details are available in Attachmate's Technical Note 1704.

Impact

An attacker may execute arbitrary script in the security context of the web user. The attacker would need to induce the user to voluntarily interact with the attack mechanism.

Solution

Apply an update
Attachmate recommends all users upgrade to Reflection for the Web 2008 R2 build 10.1.570 or higher.

Vendor Information

889047
 
Expand all

Attachmate Affected

Updated:  November 01, 2010

Status

Affected

Vendor Statement

The vendor has reported that updates to the affected products are available which remedy the vulnerability and recommends that users update to the latest version.

Vendor Information

The vendor has published a statement on the Attachmate support site at http://support.attachmate.com/techdocs/1704.html


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

http://support.attachmate.com/techdocs/1704.html

Acknowledgements

Thanks to Ed Munoz of Attachmate for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Severity Metric: 0.00
Date Public: 2010-11-01
Date First Published: 2010-11-01
Date Last Updated: 2010-11-01 14:26 UTC
Document Revision: 13

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis