Cenzic names top five Web app vulnerabilities for February

Cenzic's Intelligent Analysis (CIA) research lab recently named the top five most serious Web application vulnerabilities for the month of February. The company's top five list includes vulnerabilities in many of today's most widely used business platforms, including Lotus Domino, Symantec Sygate Management Server, IBM Tivoli, Domino Web Access and InfoVista VistaPortal. They were selected for their severity and potential threat to common, widely used software and business environments.


  1. Lotus Domino Directory Traversal and URL/Archive Processing Buffer Overflows [CIA-1042-Alert]
    Several vulnerabilities were discovered in Lotus Domino/Notes versions 6.5.4 and earlier, and in version 7.0. Affected versions allow a remote user to execute malicious code by embedding an overly long URL within an e-mail message. IBM has released patches to eliminate these security issues. Affected users can access IBM support at
  2. Symantec Sygate Management Server SQL Injection Vulnerability [CIA-1043-Alert]
    A vulnerability in the Sygate Management Server (SMS) allows a remote attacker to inject SQL commands that overwrite the administrator password. Symantec's Sygate Management Server versions 4.1 build 1417 and prior are vulnerable to a SQL injection attack that can give an attacker full control of the system. Affected sites are advised to upgrade to a fixed version, available at
  3. IBM Tivoli Access Manager Directory Traversal Vulnerability [CIA-1044-Alert]
    A vulnerability in the IBM Tivoli Access Manager lets a remote, authenticated user read arbitrary files via directory traversal attacks. Versions 5.1.0 and 6.0.0 of the IBM Tivoli Access Manager are vulnerable to these attacks when the Web Server plug-in component is installed.

    IBM has released a security fix for each affected version, which can be accessed at
    • Fixpack 5.1.0-TIV-WPI-FP0017:
    • Fixpack 6.0.0-TIV-WPI-FP0001:
  4. Domino Web Access Multiple Cross-Site Scripting Vulnerabilities [CIA-1045-Alert]
    A vulnerability in Domino Web Access allows Cross-Site Scripting attacks because the client fails to sufficiently sanitize HTML in message content before rendering it in the user's browser. As a result it is possible to craft a malicious e-mail with HTML embedded in the subject line so that the embedded script executes in the browser of any user who views the message. Affected enterprises should implement IBM's security fixes, found at
  5. InfoVista VistaPortal Discloses Files and Path to Remote Users [CIA-1046-Alert]
    Affected versions of InfoVista VistaPortal are vulnerable to directory traversal attacks, although the particular variation that successfully exploits the vulnerability has not been disclosed. VistaPortal runs with root privileges, so a successful traversal allows access to any file on the server, including the Solaris operating system's password configuration files.

    Affected sites should apply the InfoVista hotfix (IV00038969) to eliminate the directory traversal vulnerability.
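The five alerts above fall into three bug classes: directory traversal (items 1, 3 and 5), SQL injection (item 2) and HTML injection leading to cross-site scripting (item 4). The following is an added illustration written for this page, not code from Cenzic or from any vendor named above; it shows a generic vulnerable handler beside its hardened form for each class. The document root, the user table, the handler names and the sample inputs are all hypothetical.

```python
"""Generic vulnerable-vs-hardened handlers for the three bug classes in
the list above: directory traversal, SQL injection and HTML (XSS)
injection. Added illustration only; DOC_ROOT, the users table and the
handler names are hypothetical and not taken from any product on the page."""
import html
import posixpath
import sqlite3
from urllib.parse import unquote

DOC_ROOT = "/srv/www/docs"  # hypothetical document root


# --- Directory traversal (items 1, 3 and 5) ---------------------------------

def resolve_doc_unsafe(user_path: str) -> str:
    """Blocklist on the raw string, then decode and join: an encoded
    "..%2f" passes the check and still walks out of DOC_ROOT."""
    if "../" in user_path:
        raise PermissionError("traversal rejected")
    return posixpath.normpath(posixpath.join(DOC_ROOT, unquote(user_path)))


def resolve_doc_safe(user_path: str) -> str:
    """Decode first, normalize, then require the result to stay under
    DOC_ROOT. Absolute paths and NUL bytes are rejected as well."""
    decoded = unquote(user_path)
    if "\x00" in decoded or decoded.startswith("/"):
        raise PermissionError(f"bad path: {user_path!r}")
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, decoded))
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        raise PermissionError(f"path escapes document root: {user_path!r}")
    return candidate


def is_rejected(user_path: str) -> bool:
    """True when the hardened resolver refuses the path."""
    try:
        resolve_doc_safe(user_path)
    except PermissionError:
        return True
    return False


# --- SQL injection (item 2) -------------------------------------------------

def make_user_db() -> sqlite3.Connection:
    """In-memory table standing in for a management server's user store
    (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def set_password_unsafe(conn: sqlite3.Connection, name: str, new_pw: str) -> None:
    """String-built UPDATE: the name field can extend the WHERE clause."""
    conn.execute(f"UPDATE users SET password = '{new_pw}' WHERE name = '{name}'")
    conn.commit()


def set_password_safe(conn: sqlite3.Connection, name: str, new_pw: str) -> None:
    """Parameterized UPDATE: the name is bound as data, never parsed as SQL."""
    conn.execute("UPDATE users SET password = ? WHERE name = ?", (new_pw, name))
    conn.commit()


def password_of(conn: sqlite3.Connection, name: str) -> str:
    row = conn.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()
    return row[0]


# A low-privilege user changing "their own" password with a crafted name.
ATTACKER_NAME = "bob' OR name = 'admin"  # constructed injection payload


# --- Cross-site scripting (item 4) ------------------------------------------

def render_subject_unsafe(subject: str) -> str:
    """Subject interpolated into markup verbatim: tags in it become DOM."""
    return f'<td class="subject">{subject}</td>'


def render_subject_safe(subject: str) -> str:
    """Escape for the HTML text context at the point of output."""
    return f'<td class="subject">{html.escape(subject, quote=True)}</td>'


def demo() -> dict:
    """Run each vulnerable/hardened pair on the constructed inputs."""
    unsafe_db, safe_db = make_user_db(), make_user_db()
    set_password_unsafe(unsafe_db, ATTACKER_NAME, "pwned")
    set_password_safe(safe_db, ATTACKER_NAME, "pwned")
    return {
        "unsafe_traversal": resolve_doc_unsafe("..%2f..%2f..%2fetc/passwd"),
        "safe_rejects_encoded": is_rejected("..%2f..%2f..%2fetc/passwd"),
        "admin_pw_after_unsafe": password_of(unsafe_db, "admin"),
        "admin_pw_after_safe": password_of(safe_db, "admin"),
        "escaped_subject": render_subject_safe("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The traversal pair is the point item 5 hints at: a blocklist on the raw request string is bypassed by an encoded variant, so the hardened resolver decodes, normalizes and only then checks that the result still sits under the document root. For the SQL pair, binding the name as a parameter means the crafted value simply matches no row, leaving the administrator's password untouched.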
