Lucene search

[email protected]CVE-2011-2172

HistoryMay 26, 2011 - 4:55 p.m.

CVE-2011-2172

2011-05-2616:55:06

CWE-79

[email protected]

web.nvd.nist.gov

ibm

websphere portal

xss

vulnerability

cve-2011-2172

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.1cf002

ibmwebsphere_portalMatch7.0.0.1cf003

CPENameOperatorVersion
ibm:websphere_portalibm websphere portaleq7.0.0.1

CPE	Name	Operator	Version
ibm:websphere_portal	ibm websphere portal	eq	7.0.0.1

References

osvdb.org/72500

secunia.com/advisories/44700

www-01.ibm.com/support/docview.wss?uid=swg1PM36644

www-01.ibm.com/support/docview.wss?uid=swg1PM37009

www.ibm.com/support/docview.wss?uid=swg24029452

www.securityfocus.com/bid/47954

exchange.xforce.ibmcloud.com/vulnerabilities/67594

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2011-2172

nvd1 prion1 cvelist1