Lucene search

[email protected]CVE-2014-6196

HistoryNov 26, 2014 - 2:59 a.m.

CVE-2014-6196

2014-11-2602:59:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-6196

cross-site scripting (xss)

ibm

web experience factory

wef

websphere dashboard framework

wdf

lotus widget factory

lwf

dojo builder error

websphere portal

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.

Affected configurations

NVD

Node

ibmweb_experience_factoryMatch6.1.5

ibmweb_experience_factoryMatch7.0.1

ibmweb_experience_factoryMatch7.0.1.1

ibmweb_experience_factoryMatch7.0.1.2

ibmweb_experience_factoryMatch7.0.1.3

ibmweb_experience_factoryMatch7.0.1.4

ibmweb_experience_factoryMatch8.0

ibmweb_experience_factoryMatch8.0.0

ibmweb_experience_factoryMatch8.0.0.1

ibmweb_experience_factoryMatch8.0.0.2

ibmweb_experience_factoryMatch8.0.0.3

ibmweb_experience_factoryMatch8.5

ibmweb_experience_factoryMatch8.5.0.1

AND

ibmlotus_widget_factoryMatch-

ibmwebsphere_dashboard_frameworkMatch-

CPENameOperatorVersion
ibm:web_experience_factoryibm web experience factoryeq6.1.5
ibm:web_experience_factoryibm web experience factoryeq7.0.1
ibm:web_experience_factoryibm web experience factoryeq7.0.1.1
ibm:web_experience_factoryibm web experience factoryeq7.0.1.2
ibm:web_experience_factoryibm web experience factoryeq7.0.1.3
ibm:web_experience_factoryibm web experience factoryeq7.0.1.4
ibm:web_experience_factoryibm web experience factoryeq8.0
ibm:web_experience_factoryibm web experience factoryeq8.0.0
ibm:web_experience_factoryibm web experience factoryeq8.0.0.1
ibm:web_experience_factoryibm web experience factoryeq8.0.0.2

CPE	Name	Operator	Version
ibm:web_experience_factory	ibm web experience factory	eq	6.1.5
ibm:web_experience_factory	ibm web experience factory	eq	7.0.1
ibm:web_experience_factory	ibm web experience factory	eq	7.0.1.1
ibm:web_experience_factory	ibm web experience factory	eq	7.0.1.2
ibm:web_experience_factory	ibm web experience factory	eq	7.0.1.3
ibm:web_experience_factory	ibm web experience factory	eq	7.0.1.4
ibm:web_experience_factory	ibm web experience factory	eq	8.0
ibm:web_experience_factory	ibm web experience factory	eq	8.0.0
ibm:web_experience_factory	ibm web experience factory	eq	8.0.0.1
ibm:web_experience_factory	ibm web experience factory	eq	8.0.0.2

Rows per page:

1-10 of 131

References

secunia.com/advisories/59546

www-01.ibm.com/support/docview.wss?uid=swg1LO82672

www-01.ibm.com/support/docview.wss?uid=swg1LO82673

www-01.ibm.com/support/docview.wss?uid=swg1LO82674

www-01.ibm.com/support/docview.wss?uid=swg1LO82675

www-01.ibm.com/support/docview.wss?uid=swg1LO82676

www-01.ibm.com/support/docview.wss?uid=swg21690018

exchange.xforce.ibmcloud.com/vulnerabilities/98608

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVE-2014-6196

nvd1 prion1 cvelist1