Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1760CF5440DE54843DDAAA2353DDFF2F28FCAC299C1459D078A17AEC83287EA1
HistoryJun 15, 2018 - 7:02 a.m.

Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 8.5

2018-06-1507:02:22
www.ibm.com
8

0.003 Low

EPSS

Percentile

71.1%

JSON

Summary

This bulletin describes a variety of noncritical security issues that have been found and fixed in WebSphere Service Registry and Repository version 8.5.

Vulnerability Details

CVE ID: CVE-2014-6153

DESCRIPTION: WSRR WEBUI ISSUES A COOKIE WHICH IS NOT DECLARED SSL ONLY.

CVSS

CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97622&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-6132

DESCRIPTION: DOM BASED CROSS-SITE SCRIPTING VULNERABILITY IN WSRR WEB UI

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96812&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2014-6155

DESCRIPTION: PATH TRAVERSAL VULNERABILITIES IN SERVICEREGISTRY UI

CVSS

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97678&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2014-6160

DESCRIPTION: USER REMAINS LOGGED INTO SERVICEREGISTRYDASHBOARD WHEN USING WEBSEAL AND CHROME

CVSS

CVSS Base Score: 2.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97709&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

WSRR 8.5

Remediation/Fixes

CVE

| APAR|Remediation/First Fix
—|—|—
CVE-2014-6153| IV64010| Install WSRR Fix Pack 8.5.0.1
CVE-2014-6132| IV64000| Install WSRR Fix Pack 8.5.0.1
CVE-2014-6155| IV63585| Install WSRR Fix Pack 8.5.0.1
CVE-2014-6160| IV63498| Install WSRR Fix Pack 8.5.0.1

Related

nessus 5
ibm 2
cvelist 4
nvd 4
cve 4
prion 4
nessus
nessus
IBM WebSphere Service Registry and Repository 8.5 < 8.5.0.1 Multiple Vulnerabilities
2015-01-20 00:00:00
IBM WebSphere Service Registry and Repository 8.0 < 8.0.0.3 Multiple Vulnerabilities
2015-01-20 00:00:00
IBM WebSphere Service Registry and Repository 6.3 < 6.3.0.5 Multiple Vulnerabilities
2015-01-20 00:00:00
ibm
ibm
Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 8.0
2018-06-15 07:02:22
Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 7.5
2018-06-15 07:02:21
cvelist
cvelist
CVE-2014-6155
2014-12-24 11:00:00
CVE-2014-6160
2014-12-29 02:00:00
CVE-2014-6132
2014-12-24 11:00:00
nvd
nvd
CVE-2014-6155
2014-12-24 11:59:03
CVE-2014-6132
2014-12-24 11:59:01
CVE-2014-6160
2014-12-29 02:59:01
cve
cve
CVE-2014-6155
2014-12-24 11:59:03
CVE-2014-6160
2014-12-29 02:59:01
CVE-2014-6132
2014-12-24 11:59:01
prion
prion
Directory traversal
2014-12-24 11:59:00
Cross site scripting
2014-12-24 11:59:00
Design/Logic Flaw
2014-12-29 02:59:00

0.003 Low

EPSS

Percentile

71.1%

JSON
Related for 1760CF5440DE54843DDAAA2353DDFF2F28FCAC299C1459D078A17AEC83287EA1
nessus5ibm2cvelist4nvd4cve4prion4