Lucene search

[email protected]CVE-2014-4770

HistorySep 23, 2014 - 10:55 p.m.

CVE-2014-4770

2014-09-2322:55:00

CWE-79

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

xss

vulnerability

nvd

cve-2014-4770

3.6 Low

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.1%

JSON

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1.0.21
ibm:websphere_application_serveribm websphere application servereq6.1.0.31
ibm:websphere_application_serveribm websphere application servereq7.0.0.14
ibm:websphere_application_serveribm websphere application servereq8.5.0.2
ibm:websphere_application_serveribm websphere application servereq6.1
ibm:websphere_application_serveribm websphere application servereq7.0.0.12
ibm:websphere_application_serveribm websphere application servereq7.0.0.2
ibm:websphere_application_serveribm websphere application servereq7.0.0.31
ibm:websphere_application_serveribm websphere application servereq6.1.0.19
ibm:websphere_application_serveribm websphere application servereq7.0.0.24

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.21
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.31
ibm:websphere_application_server	ibm websphere application server	eq	7.0.0.14
ibm:websphere_application_server	ibm websphere application server	eq	8.5.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.1
ibm:websphere_application_server	ibm websphere application server	eq	7.0.0.12
ibm:websphere_application_server	ibm websphere application server	eq	7.0.0.2
ibm:websphere_application_server	ibm websphere application server	eq	7.0.0.31
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.19
ibm:websphere_application_server	ibm websphere application server	eq	7.0.0.24

Rows per page:

1-10 of 1201

References

secunia.com/advisories/61418

secunia.com/advisories/61423

www-01.ibm.com/support/docview.wss?uid=swg1PI23055

www-01.ibm.com/support/docview.wss?uid=swg21682767

www.kb.cert.org/vuls/id/573356

www.securityfocus.com/bid/69981

exchange.xforce.ibmcloud.com/vulnerabilities/95209

3.6 Low

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2014-4770

prion1 cert1 openvas1 ibm5 nessus6