Security vulnerability in Dojo for Portal versions 7.0.0.x and 8.0.

Yesterday a costumer ask to update all servers because of this issue.

A URL manipulation security vulnerability has been found in the dojo module for WebSphere Portal versions 7.0.0.x and 8.0.

APAR PM64172 has been provided to address this issue.

 The apar is included in CF14 for WebSphere Portal v7.0.0.1 and v7.0.0.2, and is available as an interim fix for WebSphere Portal v8.

This is a critical problem. When i simulate the attack i got the administrator password from security.xml


http://www-01.ibm.com/support/docview.wss?uid=swg21598363