Jun 17, 2018 - 10:31 p.m.

Security Bulletin: Vulnerabilities in Dojo Toolkit affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-8917)

2018-06-17 22:31:21
www.ibm.com

EPSS: 0.004
Percentile: 73.5%

Summary

There are cross-site scripting vulnerabilities in the Dojo Toolkit that is used by IBM Worklight and IBM MobileFirst Platform Foundation.

Vulnerability Details

CVEID: CVE-2014-8917
DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99303> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Products and Versions

  • IBM Mobile Foundation and IBM Worklight Consumer Edition Versions 5.0.5.0 and 5.0.5.1
  • IBM Mobile Foundation and IBM Worklight Enterprise Edition Versions 5.0.5.0 and 5.0.5.1
  • IBM Mobile Foundation and IBM Worklight Consumer Edition Versions 5.0.6.0, 5.0.6.1 and 5.0.6.2
  • IBM Mobile Foundation and IBM Worklight Enterprise Edition Versions 5.0.6.0, 5.0.6.1 and 5.0.6.2
  • IBM Mobile Foundation and IBM Worklight Consumer Edition Versions 6.0.0.0, 6.0.0.1 and 6.0.0.2
  • IBM Mobile Foundation and IBM Worklight Enterprise Edition Versions 6.0.0.0, 6.0.0.1 and 6.0.0.2
  • IBM Worklight Consumer Edition Versions 6.1.0.0, 6.1.0.1 and 6.1.0.2
  • IBM Worklight Enterprise Edition Versions 6.1.0.0, 6.1.0.1 and 6.1.0.2
  • IBM Worklight Foundation Consumer Edition Version 6.2.0.0 and 6.2.0.1
  • IBM Worklight Foundation Enterprise Edition Version 6.2.0.0 and 6.2.0.1
  • IBM MobileFirst Platform Foundation Version 6.3.0.0

Remediation/Fixes

Download the latest interim fix for your product and version containing APARs PI32264 and PI31648:

V5.0.5: IBM Worklight Consumer Edition, IBM Worklight Enterprise Edition, IBM Mobile Foundation Consumer Edition, IBM Mobile Foundation Enterprise Edition

V5.0.6: IBM Worklight Consumer Edition, IBM Worklight Enterprise Edition, IBM Mobile Foundation Consumer Edition, IBM Mobile Foundation Enterprise Edition

V6.0.0: IBM Worklight Consumer Edition, IBM Worklight Enterprise Edition, IBM Mobile Foundation Consumer Edition, IBM Mobile Foundation Enterprise Edition

V6.1.0: IBM Worklight Consumer Edition, IBM Worklight Enterprise Edition

V6.2.0: IBM Worklight Foundation Consumer Edition, IBM Worklight Foundation Enterprise Edition

V6.3.0: IBM MobileFirst Platform Foundation

Workarounds and Mitigations

None
