Lucene search

IbmCVE-2014-0853

HistoryFeb 26, 2014 - 1:29 a.m.

CVE-2014-0853

2014-02-2601:29:36

CWE-79

ibm

web.nvd.nist.gov

ibm

rational focal point

xss

vulnerabilities

forward controller

attribute editor

ibm rational focal point 6.4.x

ibm rational focal point 6.5.x

nvd

cve-2014-0853

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ibmrational_focal_pointMatch6.4

ibmrational_focal_pointMatch6.4.0.1

ibmrational_focal_pointMatch6.4.1.0

ibmrational_focal_pointMatch6.4.1.1

ibmrational_focal_pointMatch6.4.1.2

ibmrational_focal_pointMatch6.4.1.3

ibmrational_focal_pointMatch6.5

ibmrational_focal_pointMatch6.5.0.1

ibmrational_focal_pointMatch6.5.0.2

ibmrational_focal_pointMatch6.5.1

ibmrational_focal_pointMatch6.5.1.1

ibmrational_focal_pointMatch6.5.2

ibmrational_focal_pointMatch6.5.2.1

ibmrational_focal_pointMatch6.5.2.2

ibmrational_focal_pointMatch6.5.2.3

ibmrational_focal_pointMatch6.6

ibmrational_focal_pointMatch6.6.0.1

VendorProductVersionCPE
ibmrational_focal_point6.4cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*
ibmrational_focal_point6.4.0.1cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.0cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.1cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.2cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.3cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*
ibmrational_focal_point6.5cpe:2.3:a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*
ibmrational_focal_point6.5.0.1cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:*:*:*:*:*:*:*
ibmrational_focal_point6.5.0.2cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:*:*:*:*:*:*:*
ibmrational_focal_point6.5.1cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_focal_point	6.4	cpe:2.3:a:ibm:rational_focal_point:6.4:::::::*
ibm	rational_focal_point	6.4.0.1	cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:::::::*
ibm	rational_focal_point	6.4.1.0	cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:::::::*
ibm	rational_focal_point	6.4.1.1	cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:::::::*
ibm	rational_focal_point	6.4.1.2	cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:::::::*
ibm	rational_focal_point	6.4.1.3	cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:::::::*
ibm	rational_focal_point	6.5	cpe:2.3:a:ibm:rational_focal_point:6.5:::::::*
ibm	rational_focal_point	6.5.0.1	cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:::::::*
ibm	rational_focal_point	6.5.0.2	cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:::::::*
ibm	rational_focal_point	6.5.1	cpe:2.3:a:ibm:rational_focal_point:6.5.1:::::::*

Rows per page:

1-10 of 171

References

www-01.ibm.com/support/docview.wss?uid=swg21665005

www.securityfocus.com/bid/65726

exchange.xforce.ibmcloud.com/vulnerabilities/90754

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for CVE-2014-0853