Lucene search

MitreCVE-2004-1442

HistoryFeb 13, 2005 - 5:00 a.m.

CVE-2004-1442

2005-02-1305:00:00

mitre

web.nvd.nist.gov

cve-2004-1442

cross-site scripting

xss vulnerability

ibm

net.data

cgi interpreter

remote code injection

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as “DTWP001E.”

Affected configurations

Nvd

Node

ibmnet.dataMatch7.0

ibmnet.dataMatch7.2

VendorProductVersionCPE
ibmnet.data7.0cpe:2.3:a:ibm:net.data:7.0:*:*:*:*:*:*:*
ibmnet.data7.2cpe:2.3:a:ibm:net.data:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	net.data	7.0	cpe:2.3:a:ibm:net.data:7.0:::::::*
ibm	net.data	7.2	cpe:2.3:a:ibm:net.data:7.2:::::::*

References

archives.neohapsis.com/archives/vulnwatch/2004-q1/0019.html

secunia.com/advisories/10709/

secunia.com/secunia_research/2004-1/advisory/

www.kb.cert.org/vuls/id/197318

www.kb.cert.org/vuls/id/DMOA-5VNPEL

www.osvdb.org/3712

www.securityfocus.com/bid/9488

www.securitytracker.com/id?1008845

exchange.xforce.ibmcloud.com/vulnerabilities/14925

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Related for CVE-2004-1442