Lucene search

[email protected]CVE-2014-5338

HistoryAug 22, 2014 - 2:55 p.m.

CVE-2014-5338

2014-08-2214:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5338

xss

check_mk

web security

vulnerability

nvd

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.

CPENameOperatorVersion
check_mk_project:check_mkcheck mk project check mkeq1.2.4
check_mk_project:check_mkcheck mk project check mkeq1.2.5

CPE	Name	Operator	Version
check_mk_project:check_mk	check mk project check mk	eq	1.2.4
check_mk_project:check_mk	check mk project check mk	eq	1.2.5

References

mathias-kettner.de/check_mk_werks.php?werk_id=0982&HTML=yes

packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html

rhn.redhat.com/errata/RHSA-2015-1495.html

www.securityfocus.com/archive/1/533180/100/0/threaded

www.securityfocus.com/bid/69312

exchange.xforce.ibmcloud.com/vulnerabilities/95383

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.2%

JSON

Related for CVE-2014-5338

prion1 veracode3 ubuntucve1 nessus7 fedora6 securityvulns2 redhat1 openvas4