History: Jun 15, 2018 - 7:02 a.m.

Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 7.5

2018-06-15 07:02:21
www.ibm.com
10

0.003 Low

EPSS

Percentile

71.1%

Summary

This bulletin describes a variety of minor security issues that have been found and fixed in WebSphere Service Registry and Repository version 7.5.

Vulnerability Details

CVE ID: CVE-2014-6153

DESCRIPTION: WSRR WEBUI ISSUES A COOKIE WHICH IS NOT DECLARED SSL ONLY.

CVSS

CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97622> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-6132

DESCRIPTION: DOM BASED CROSS-SITE SCRIPTING VULNERABILITY IN WSRR WEB UI

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96812 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2014-6155

DESCRIPTION: PATH TRAVERSAL VULNERABILITIES IN SERVICEREGISTRY UI

CVSS

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97678 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2014-6177

DESCRIPTION: ACCESS CONTROL IS NOT CHECKED WHEN A RETRIEVE TO DEPTH 0 IS PERFORMED.

CVSS

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98492> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2014-6179

DESCRIPTION: IBM AppScan detected that a DOM-based XSS vulnerability exists in the WSRR Web UI.

CVSS

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98516> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2014-6178

DESCRIPTION: SCRIPT INJECTION POSSIBLE IN WSRR WIDGETS.

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98514> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2014-6180

DESCRIPTION: USER AGENT HTML INJECTION VULNERABILITY IN WSRR WEB UI.

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98515> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2014-6187

DESCRIPTION: XSRF ISSUES FLAGGED BY RATIONAL APPSCAN

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98553> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2014-6188

DESCRIPTION: XSS ISSUES FLAGGED BY RATIONAL APPSCAN

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98554> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2014-6186

DESCRIPTION: OBJECTS NOT ACCESSIBLE DUE TO ACCESS CONTROL RESTRICTIONS CAN STILL APPEAR IN DATAGRAPH

CVSS

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98549> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Affected Products and Versions

WSRR 7.5

Remediation/Fixes

CVE | APAR | Remediation/First Fix
---|---|---
CVE-2014-6153 | IV64010 | Contact WSRR Support.
CVE-2014-6132 | IV64000 | Contact WSRR Support.
CVE-2014-6155 | IV63585 | Contact WSRR Support.
CVE-2014-6177 | IV24386 | Install WSRR Fix Pack 7.5.0.3 or above
CVE-2014-6179 | IV51859 | Install WSRR Fix Pack 7.5.0.4
CVE-2014-6178 | IV51765 | Install WSRR Fix Pack 7.5.0.4
CVE-2014-6180 | IV01657 | Install WSRR Fix Pack 7.5.0.1 or above
CVE-2014-6187 | IV26727 | Install WSRR Fix Pack 7.5.0.3 or above
CVE-2014-6188 | IV26727 | Install WSRR Fix Pack 7.5.0.3 or above
CVE-2014-6186 | IV26309 | Install WSRR Fix Pack 7.5.0.3 or above
