IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
CVE ID: CVE-2014-6150
DESCRIPTION: A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96920> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Affected versions: 7.2.2.0 - 7.2.2.2
For each affected TADDM release (7.2.2), eFixes have been prepared on top of the latest FixPack:
| Fix | VRMF | APAR | How to acquire fix |
|---|---|---|---|
| efix_65589_FP220140731.zip | 7.2.2.2 | None | |
Details of the eFix are in etc/<efix_name>_readme.txt
If an eFix is required on any other TADDM version, please contact IBM Support. Open a PMR for a custom version of this eFix. Include your current eFix level, TADDM version and a link to this bulletin.
The eFixes are created to be installed on the above FixPacks without any previously applied eFixes. If other eFixes are installed (check with ls -rlt etc/efix*), open a PMR for a custom version of this eFix.