Lucene search

[email protected]CVE-2009-1334

HistoryApr 17, 2009 - 2:30 p.m.

CVE-2009-1334

2009-04-1714:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1334

cross-site scripting

xss

ibm tivoli

continuous data protection

cdp

files 3.1.4.0

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.

Affected configurations

NVD

Node

ibmtivoli_continuous_data_protection_for_filesMatch3.1.4.0

CPENameOperatorVersion
ibm:tivoli_continuous_data_protection_for_filesibm tivoli continuous data protection for fileseq3.1.4.0

CPE	Name	Operator	Version
ibm:tivoli_continuous_data_protection_for_files	ibm tivoli continuous data protection for files	eq	3.1.4.0

References

secunia.com/advisories/34646

securitytracker.com/id?1022060

www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS

www.osvdb.org/53651

www.securityfocus.com/bid/34513

www.vupen.com/english/advisories/2009/1021

exchange.xforce.ibmcloud.com/vulnerabilities/49872

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for CVE-2009-1334

cvelist1 prion1 nvd1