Lucene search

[email protected]NVD:CVE-2014-6196

HistoryNov 26, 2014 - 2:59 a.m.

CVE-2014-6196

2014-11-2602:59:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.

Affected configurations

Nvd

Node

ibmweb_experience_factoryMatch6.1.5

ibmweb_experience_factoryMatch7.0.1

ibmweb_experience_factoryMatch7.0.1.1

ibmweb_experience_factoryMatch7.0.1.2

ibmweb_experience_factoryMatch7.0.1.3

ibmweb_experience_factoryMatch7.0.1.4

ibmweb_experience_factoryMatch8.0

ibmweb_experience_factoryMatch8.0.0

ibmweb_experience_factoryMatch8.0.0.1

ibmweb_experience_factoryMatch8.0.0.2

ibmweb_experience_factoryMatch8.0.0.3

ibmweb_experience_factoryMatch8.5

ibmweb_experience_factoryMatch8.5.0.1

AND

ibmlotus_widget_factoryMatch-

ibmwebsphere_dashboard_frameworkMatch-

VendorProductVersionCPE
ibmweb_experience_factory6.1.5cpe:2.3:a:ibm:web_experience_factory:6.1.5:*:*:*:*:*:*:*
ibmweb_experience_factory7.0.1cpe:2.3:a:ibm:web_experience_factory:7.0.1:*:*:*:*:*:*:*
ibmweb_experience_factory7.0.1.1cpe:2.3:a:ibm:web_experience_factory:7.0.1.1:*:*:*:*:*:*:*
ibmweb_experience_factory7.0.1.2cpe:2.3:a:ibm:web_experience_factory:7.0.1.2:*:*:*:*:*:*:*
ibmweb_experience_factory7.0.1.3cpe:2.3:a:ibm:web_experience_factory:7.0.1.3:*:*:*:*:*:*:*
ibmweb_experience_factory7.0.1.4cpe:2.3:a:ibm:web_experience_factory:7.0.1.4:*:*:*:*:*:*:*
ibmweb_experience_factory8.0cpe:2.3:a:ibm:web_experience_factory:8.0:*:*:*:*:*:*:*
ibmweb_experience_factory8.0.0cpe:2.3:a:ibm:web_experience_factory:8.0.0:*:*:*:*:*:*:*
ibmweb_experience_factory8.0.0.1cpe:2.3:a:ibm:web_experience_factory:8.0.0.1:*:*:*:*:*:*:*
ibmweb_experience_factory8.0.0.2cpe:2.3:a:ibm:web_experience_factory:8.0.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	web_experience_factory	6.1.5	cpe:2.3:a:ibm:web_experience_factory:6.1.5:::::::*
ibm	web_experience_factory	7.0.1	cpe:2.3:a:ibm:web_experience_factory:7.0.1:::::::*
ibm	web_experience_factory	7.0.1.1	cpe:2.3:a:ibm:web_experience_factory:7.0.1.1:::::::*
ibm	web_experience_factory	7.0.1.2	cpe:2.3:a:ibm:web_experience_factory:7.0.1.2:::::::*
ibm	web_experience_factory	7.0.1.3	cpe:2.3:a:ibm:web_experience_factory:7.0.1.3:::::::*
ibm	web_experience_factory	7.0.1.4	cpe:2.3:a:ibm:web_experience_factory:7.0.1.4:::::::*
ibm	web_experience_factory	8.0	cpe:2.3:a:ibm:web_experience_factory:8.0:::::::*
ibm	web_experience_factory	8.0.0	cpe:2.3:a:ibm:web_experience_factory:8.0.0:::::::*
ibm	web_experience_factory	8.0.0.1	cpe:2.3:a:ibm:web_experience_factory:8.0.0.1:::::::*
ibm	web_experience_factory	8.0.0.2	cpe:2.3:a:ibm:web_experience_factory:8.0.0.2:::::::*

Rows per page:

1-10 of 151

References

secunia.com/advisories/59546

www-01.ibm.com/support/docview.wss?uid=swg1LO82672

www-01.ibm.com/support/docview.wss?uid=swg1LO82673

www-01.ibm.com/support/docview.wss?uid=swg1LO82674

www-01.ibm.com/support/docview.wss?uid=swg1LO82675

www-01.ibm.com/support/docview.wss?uid=swg1LO82676

www-01.ibm.com/support/docview.wss?uid=swg21690018

exchange.xforce.ibmcloud.com/vulnerabilities/98608

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

Related for NVD:CVE-2014-6196

prion1 cve1 cvelist1