Lucene search

IbmCVE-2014-0953

HistoryAug 12, 2014 - 5:01 a.m.

CVE-2014-0953

2014-08-1205:01:03

CWE-79

ibm

web.nvd.nist.gov

cve-2014-0953

cross-site scripting

xss

ibm websphere portal

remote attack

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch6.1.0.1

ibmwebsphere_portalMatch6.1.0.2

ibmwebsphere_portalMatch6.1.0.3

ibmwebsphere_portalMatch6.1.0.4

ibmwebsphere_portalMatch6.1.0.5

ibmwebsphere_portalMatch6.1.0.6

ibmwebsphere_portalMatch6.1.5.0

ibmwebsphere_portalMatch6.1.5.1

ibmwebsphere_portalMatch6.1.5.2

ibmwebsphere_portalMatch6.1.5.3

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch8.0.0.0

VendorProductVersionCPE
ibmwebsphere_portal6.1.0.0cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.1cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.2cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.3cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.4cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.5cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.6cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.0cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.1cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.2cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	6.1.0.0	cpe:2.3:a:ibm:websphere_portal:6.1.0.0:::::::*
ibm	websphere_portal	6.1.0.1	cpe:2.3:a:ibm:websphere_portal:6.1.0.1:::::::*
ibm	websphere_portal	6.1.0.2	cpe:2.3:a:ibm:websphere_portal:6.1.0.2:::::::*
ibm	websphere_portal	6.1.0.3	cpe:2.3:a:ibm:websphere_portal:6.1.0.3:::::::*
ibm	websphere_portal	6.1.0.4	cpe:2.3:a:ibm:websphere_portal:6.1.0.4:::::::*
ibm	websphere_portal	6.1.0.5	cpe:2.3:a:ibm:websphere_portal:6.1.0.5:::::::*
ibm	websphere_portal	6.1.0.6	cpe:2.3:a:ibm:websphere_portal:6.1.0.6:::::::*
ibm	websphere_portal	6.1.5.0	cpe:2.3:a:ibm:websphere_portal:6.1.5.0:::::::*
ibm	websphere_portal	6.1.5.1	cpe:2.3:a:ibm:websphere_portal:6.1.5.1:::::::*
ibm	websphere_portal	6.1.5.2	cpe:2.3:a:ibm:websphere_portal:6.1.5.2:::::::*

Rows per page:

1-10 of 151

References

www-01.ibm.com/support/docview.wss?uid=swg1PI16127

www-01.ibm.com/support/docview.wss?uid=swg21680230

www.securitytracker.com/id/1030669

exchange.xforce.ibmcloud.com/vulnerabilities/92626

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

Related for CVE-2014-0953