Monday, 14 February 2011

Lotus Connections 3 - Security Vulnerability

One of my colleagues in the Lotus Connections development team drew my attention to this  document: -

Flash (Alert) - Security vulnerability in Lotus Connections login module

Abstract

Security vulnerability in Lotus Connections login module.

Content

After installing fixpack 7.0.0.11 for WebSphere Application Server, an application may be able to invoke an internal login module in an incorrect fashion.

This only applies to an application internal login, and does not apply to a client login.

* RECOMMENDATION: *

WebSphere Application Server has been modified to properly handle this type of login. IBM strongly urges all customers to apply the patch immediately to all deployments. Please contact WebSphere Application Server support team to obtain hotfix 7.0.0.11-WS-WAS-IFPK54565.pak for WebSphere fixpack 7.0.0.11.

Please review the Flash, and work with IBM Support to locate and apply the fix.

No comments: