Security Bulletin: Security vulnerabilities related to Cross-site scripting identified in Tivoli Integrated Portal shipped with Tivoli Network Manager IP Edition (CVE-2014-6151, CVE-2014-6152)

Summary

Tivoli Network Manager IP Edition shipped with Tivoli Integrated Portal has released security vulnerability fixes.

Vulnerability Details

There are two vulnerabilities reported for Tivoli Integrated Portal on Cross-site scripting, as listed below.
**
CVE ID: CVE-2014-6151
DESCRIPTION: HTTP Response Splitting vulnerability
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97033&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)**

**
CVE ID: CVE-2014-6152
DESCRIPTION: Reflected XSS Vulnerabilities
CVSS Base Score: 3.5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97034&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)**

Remediation/Fixes

Affected Product and Version(s)

| Product and Version shipped as a component
—|—
Tivoli Network Manager 3.8| Bundled the TIP version 1.1.1.x,
Tivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x,
Tivoli Network Manager 4.1 and 4.1.1| Bundled the TIP version 2.2.0.x
Upgrade TIP interim fix as determined below:
<http://www-01.ibm.com/support/docview.wss?uid=swg21687541&gt;