Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Application Developer For Websphere | 7.0 |
| Ibm | Rational Software Architect | 7.0.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37442Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg27012378Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg27012558Patch
- http://www.osvdb.org/60319
- http://www.securityfocus.com/bid/37083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54360
- http://secunia.com/advisories/37442Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg27012378Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg27012558Patch
- http://www.osvdb.org/60319
- http://www.securityfocus.com/bid/37083
FAQ
What is CVE-2009-4052?
CVE-2009-4052 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect befor...
How severe is CVE-2009-4052?
CVE-2009-4052 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4052?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Application Developer For Websphere, Ibm Rational Software Architect.