CVE-2014-0855

2014-02-1413:10:30

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ibmconnections_portletsMatch4.0

ibmconnections_portletsMatch4.5

ibmconnections_portletsMatch4.5.1

AND

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch8.0.0.1

VendorProductVersionCPE
ibmconnections_portlets4.0cpe:2.3:a:ibm:connections_portlets:4.0:*:*:*:*:*:*:*
ibmconnections_portlets4.5cpe:2.3:a:ibm:connections_portlets:4.5:*:*:*:*:*:*:*
ibmconnections_portlets4.5.1cpe:2.3:a:ibm:connections_portlets:4.5.1:*:*:*:*:*:*:*
ibmwebsphere_portal7.0.0.2cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.1cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	connections_portlets	4.0	cpe:2.3:a:ibm:connections_portlets:4.0:::::::*
ibm	connections_portlets	4.5	cpe:2.3:a:ibm:connections_portlets:4.5:::::::*
ibm	connections_portlets	4.5.1	cpe:2.3:a:ibm:connections_portlets:4.5.1:::::::*
ibm	websphere_portal	7.0.0.2	cpe:2.3:a:ibm:websphere_portal:7.0.0.2:::::::*
ibm	websphere_portal	8.0.0.1	cpe:2.3:a:ibm:websphere_portal:8.0.0.1:::::::*