Lucene search

K
cve[email protected]CVE-2014-6196
HistoryNov 26, 2014 - 2:59 a.m.

CVE-2014-6196

2014-11-2602:59:01
CWE-79
web.nvd.nist.gov
14
cve-2014-6196
cross-site scripting (xss)
ibm
web experience factory
wef
websphere dashboard framework
wdf
lotus widget factory
lwf
dojo builder error
websphere portal
security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.

Affected configurations

NVD
Node
ibmweb_experience_factoryMatch6.1.5
OR
ibmweb_experience_factoryMatch7.0.1
OR
ibmweb_experience_factoryMatch7.0.1.1
OR
ibmweb_experience_factoryMatch7.0.1.2
OR
ibmweb_experience_factoryMatch7.0.1.3
OR
ibmweb_experience_factoryMatch7.0.1.4
OR
ibmweb_experience_factoryMatch8.0
OR
ibmweb_experience_factoryMatch8.0.0
OR
ibmweb_experience_factoryMatch8.0.0.1
OR
ibmweb_experience_factoryMatch8.0.0.2
OR
ibmweb_experience_factoryMatch8.0.0.3
OR
ibmweb_experience_factoryMatch8.5
OR
ibmweb_experience_factoryMatch8.5.0.1
AND
ibmlotus_widget_factoryMatch-
OR
ibmwebsphere_dashboard_frameworkMatch-

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

Related for CVE-2014-6196