The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IBM Eclipse Help System: redirect via iehs.war

Synthesis of the vulnerability 

An attacker can use iehs.war, which is used in several IBM products, in order to redirect the victim to a malicious site.
Vulnerable products: DB2 UDB, SPSS Data Collection.
Severity of this weakness: 2/4.
Creation date: 18/06/2012.
Revision date: 06/05/2013.
Références of this bulletin: BID-54051, CERTA-2012-AVI-391, CERTA-2012-AVI-521, CVE-2012-2159, swg21596690, swg21612193, VIGILANCE-VUL-11718.

Description of the vulnerability 

Several IBM products uses help files, which are displayed through the IBM Eclipse Help System viewer, provided by iehs.war.

However, an attacker can use iehs.war, in order to redirect the victim to a malicious site.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness impacts software or systems such as DB2 UDB, SPSS Data Collection.

Our Vigil@nce team determined that the severity of this vulnerability note is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this cybersecurity threat.

Solutions for this threat 

IBM DB2 Information Center: patch for iehs.war.
A patch is available:
  http://www.ibm.com/support/docview.wss?uid=swg21624607

IBM SPSS Data Collection Developer Library Help System: IEHS version 3.4.3.
IBM Eclipse Help System version 3.4.3 is corrected:
  http://submit.boulder.ibm.com/infocenter/idwb/v3r8m4/index.jsp?topic=/com.ibm.iehs.home/doc/fixes.html
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerabilities bulletins. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.