IBM52A166C5091DDAC90526B949EAEBBE5BB716C4D161E3987FD08893C96FDF59B5Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191)
EPSS
Percentile
56.9%
Summary
IBM OpenPages GRC Platform has addressed CKEditor (Preview Plugin) vulnerability (CVE-2014-5191)
Vulnerability Details
CVEID: CVE-2014-5191 DESCRIPTION: Preview Plugin for CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victimβs Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victimβs cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95197> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected Products and Versions
IBM OpenPages GRC Platform versions 7.3 through 8.0
Remediation/Fixes
A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM OpenPages GRC Platform 8.0 | ||
| 8.0.0.2 | <https://www.ibm.com/support/docview.wss?uid=ibm10744175> | |
| IBM OpenPages GRC Platform7.3.0 | ||
| 7.3.0.3 | <https://www.ibm.com/support/docview.wss?uid=ibm10794867> |
Workarounds and Mitigations
None known, apply fixes.
Related
EPSS
Percentile
56.9%