IBM closes holes in mail filters and WebSphere MQ
IBM has patched two security flaws in the mail filters of Lotus Protector for Mail Security and Proventia Network Mail Security that affect all versions of these products. A cross-site scripting vulnerability allows an attacker to inject JavaScript code into the browser of an administrator with an active session on the system. The other vulnerability allows administrators to gain access to files on a server that they should not have access to.
Both vulnerabilities have been patched for versions 2.5.x, 2.8.x and later of the affected products. Users with older versions of the software must upgrade to version 2.5.x before they can install the patch.
IBM has also patched a flaw in version 7.1 of its WebSphere MQ communication platform. The vulnerability allows users to access the queue manager even if they are not allowed to do so. This problem has been fixed in Fix Pack 7.1.0.1 for WebSphere MQ.
(fab)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
