As part of Security Bulletin, a new fix is available for Vulnerability in IBM WebSphere Portal v6.1.
CVE ID: CVE-2015-5654
DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
For customers who are on Portal v6.1, this could be a major issue based on the authentication related attack.
For 220.127.116.11 through 18.104.22.168
Upgrade to Fix Pack 22.214.171.124 with Cumulative Fix 27 (CF27) and then apply the Interim Fix PI55884.
For 126.96.36.199 through 188.8.131.52
Upgrade to Fix Pack 184.108.40.206 with Cumulative Fix 27 (CF27) and then apply the Interim Fix PI55884.
Link for reference: http://www-01.ibm.com/support/docview.wss?uid=swg21975256