Multiple vulnerabilities have been reported in IBM Lotus Expeditor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) Input passed to unspecified parameters within the Eclipse help component is not properly verified before being used to read files. This can be exploited to disclose arbitrary files from local resources via directory traversal attacks.

2) An error in the Web Container within the access control mechanism when processing unspecified request headers can be exploited to spoof a header making it appear to be originating from a trusted location (e.g. localhost).

3) The application loads unspecified libraries in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening an unspecified file located on a remote WebDAV or SMB share.

Successful exploitation of this vulnerability allows execution of arbitrary code.

4) Some cross-site scripting vulnerabilities exist within the bundled Eclipse Help Server.

For more information:
SA42236

5) Input passed via the "searchWord" parameter to searchView.jsp and the "workingSet" parameter to workingSetManager.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of the bundled Help Server site.

Solution
Update to version 6.2 FP5 (Fix Pack 5) + Security Pack.
Further details available to Secunia VIM customers

Provided and/or discovered by
Reported by the vendor.

Original Advisory
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21575642

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers