<html><body>
<p><font size="2" face="Arial">IBM Endpoint Manager (IEM) for Mobile Device Management team is pleased to announce </font><font size="2" face="sans-serif">an update to the site has been released!</font><font size="3" face="sans-serif"> </font><font size="2" face="sans-serif"><br>
<br>
</font><font size="2" face="sans-serif"><b><br>
Reasons for Update:</b></font><font size="2" face="Liberation Sans"><br>
This is a recommender update to all versions of the iOS Extender, Self-Service Portal, Trusted Services Provider and Admin Portal components of IBM Tivoli Endpoint Manager for Mobile Device Management (MDM) prior to version 9.0.60100, as it addresses vulnerability </font><font size="2" face="Liberation Sans"><b>CVE-2014-6140.</b></font><font size="2" face="sans-serif"><br>
</font><font size="2" face="Liberation Sans"><br>
These components of IBM Tivoli Endpoint Manager for MDM are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials and execute arbitrary code.</font><font size="2" face="sans-serif"><br>
<br>
</font><font size="2" face="sans-serif"><b><br>
Published site version: </b></font><font size="2" face="sans-serif"><br>
Mobile Device Management, version 104.<br>
<br>
</font><font size="2" face="sans-serif"><b><br>
</b></font><font size="2" face="sans-serif"><b>Actions to Take: </b></font><font size="2" face="sans-serif"><br>
Update the iOS Extender, Self Service Portal, Trusted Service Provider, and Admin portal to version 9.0.60100 or higher with the following Fixlet Messages:<br>
</font>
<table border="0" cellspacing="0" cellpadding="0">
<tr valign="top"><td width="508" bgcolor="#FAFAFA">
<ul style="padding-left: 0pt"><font size="2" face="Arial">Upgrade Admin Portal (9.0.60100) (Fixlet ID 177)<br>
Upgrade Management Extender for Enrollment and Apple iOS (9.0.60100) (Fixlet ID 94)<br>
Upgrade Self Service Portal (9.0.60100) (Fixlet ID 184)<br>
Upgrade Trusted Services Provider (9.0.60100) (Fixlet ID 200)</font><font size="3" face="Arial"> </font></ul>
</td></tr>
</table>
<table border="0" cellspacing="0" cellpadding="0">
<tr valign="top"><td width="616" bgcolor="#FAFAFA"><img width="1" height="1" src="cid:1__=08BBF732DF10EB5E8f9e8a93df938@us.ibm.com" border="0" alt=""></td></tr>
</table>
<br>
<font size="2" face="sans-serif"><b>Additional Information:</b></font><br>
<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6140"><font size="2" color="#0000FF" face="sans-serif"><u>http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6140</u></font></a><br>
<br>
<font size="2" face="sans-serif"><br>
________________________________________________________________________________________________________________________<br>
Application Engineering Team<br>
IBM Endpoint Manager</font><font size="3" face="sans-serif"> </font></body></html>