Lucene search

IbmCVE-2014-8893

HistoryJan 29, 2015 - 1:59 a.m.

CVE-2014-8893

2015-01-2901:59:00

CWE-79

ibm

web.nvd.nist.gov

ibm

tririga

xss

vulnerabilities

mainpage.jsp

getimageservlet.img

cve-2014-8893

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

Nvd

Node

ibmtririga_application_platformMatch3.2.1

ibmtririga_application_platformMatch3.3.2.0

ibmtririga_application_platformMatch3.3.2.1

ibmtririga_application_platformMatch3.3.2.2

ibmtririga_application_platformMatch3.4.0.0

ibmtririga_application_platformMatch3.4.0.1

ibmtririga_application_platformMatch3.4.1.0

VendorProductVersionCPE
ibmtririga_application_platform3.2.1cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*
ibmtririga_application_platform3.3.2.0cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:*:*:*:*:*:*:*
ibmtririga_application_platform3.3.2.1cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:*:*:*:*:*:*:*
ibmtririga_application_platform3.3.2.2cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2:*:*:*:*:*:*:*
ibmtririga_application_platform3.4.0.0cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:*:*:*:*:*:*:*
ibmtririga_application_platform3.4.0.1cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1:*:*:*:*:*:*:*
ibmtririga_application_platform3.4.1.0cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tririga_application_platform	3.2.1	cpe:2.3:a:ibm:tririga_application_platform:3.2.1:::::::*
ibm	tririga_application_platform	3.3.2.0	cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:::::::*
ibm	tririga_application_platform	3.3.2.1	cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:::::::*
ibm	tririga_application_platform	3.3.2.2	cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2:::::::*
ibm	tririga_application_platform	3.4.0.0	cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:::::::*
ibm	tririga_application_platform	3.4.0.1	cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1:::::::*
ibm	tririga_application_platform	3.4.1.0	cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0:::::::*

References

secunia.com/advisories/62674

www-01.ibm.com/support/docview.wss?uid=swg21694767

exchange.xforce.ibmcloud.com/vulnerabilities/99012

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for CVE-2014-8893