This bulletin describes a variety of minor security issues that have been found and fixed in WebSphere Service Registry and Repository version 8.0.
CVE ID: CVE-2014-6153
DESCRIPTION: WSRR WEBUI ISSUES A COOKIE WHICH IS NOT DECLARED SSL ONLY.
CVSS
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97622> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2014-6132
DESCRIPTION: DOM BASED CROSS-SITE SCRIPTING VULNERABILITY IN WSRR WEB UI
CVSS
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96812> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE ID: CVE-2014-6155
DESCRIPTION: PATH TRAVERSAL VULNERABILITIES IN SERVICEREGISTRY UI
CVSS
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97678> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVE ID: CVE-2014-6179
DESCRIPTION: IBM AppScan detected that a DOM-based XSS vulnerability exists in the WSRR Web UI.
CVSS
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98516> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2014-6178
DESCRIPTION: SCRIPT INJECTION POSSIBLE IN WSRR WIDGETS.
CVSS
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98514> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE ID: CVE-2014-6187
DESCRIPTION: XSRF ISSUES FLAGGED BY RATIONAL APPSCAN
CVSS
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98553> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE ID: CVE-2014-6188
DESCRIPTION: XSS ISSUES FLAGGED BY RATIONAL APPSCAN
CVSS
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98554> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE ID: CVE-2014-6186
DESCRIPTION: OBJECTS NOT ACCESSIBLE DUE TO ACCESS CONTROL RESTRICTIONS CAN STILL APPEAR IN DATAGRAPH
CVSS
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98549> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVE| APAR| Remediation/First Fix
---|---|---
CVE-2014-6153| IV64010| Install WSRR Fix Pack 8.0.0.3.
CVE-2014-6132| IV64000| Install WSRR Fix Pack 8.0.0.3.
CVE-2014-6155| IV63585| Install WSRR Fix Pack 8.0.0.3.
CVE-2014-6179| IV51859| Install WSRR Fix Pack 8.0.0.2 or above.
CVE-2014-6178| IV51765| Install WSRR Fix Pack 8.0.0.3.
CVE-2014-6187| IV26727| Install WSRR Fix Pack 8.0.0.2 or above.
CVE-2014-6188| IV26727| Install WSRR Fix Pack 8.0.0.2 or above.
CVE-2014-6186| IV26309| Install WSRR Fix Pack 8.0.0.1 or above.