Lucene search

IbmCVE-2014-6193

HistoryDec 19, 2014 - 2:59 a.m.

CVE-2014-6193

2014-12-1902:59:03

ibm

web.nvd.nist.gov

cve-2014-6193

ibm

websphere portal

xml injection

security vulnerability

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

43.6%

JSON

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.1

ibmwebsphere_portalMatch8.5.0.0

VendorProductVersionCPE
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.1cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal8.5.0.0cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:::::::*
ibm	websphere_portal	8.0.0.1	cpe:2.3:a:ibm:websphere_portal:8.0.0.1:::::::*
ibm	websphere_portal	8.5.0.0	cpe:2.3:a:ibm:websphere_portal:8.5.0.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1PI28699

www-01.ibm.com/support/docview.wss?uid=swg21692107

exchange.xforce.ibmcloud.com/vulnerabilities/98567

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

43.6%

JSON

Related for CVE-2014-6193