Tivoli Network Manager IP Edition shipped with Tivoli Integrated Portal has released security vulnerability fixes.
There are two vulnerabilities reported for Tivoli Integrated Portal on Cross-site scripting, as listed below.
**
CVE ID: CVE-2014-6151
DESCRIPTION: HTTP Response Splitting vulnerability
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97033> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)**
**
CVE ID: CVE-2014-6152
DESCRIPTION: Reflected XSS Vulnerabilities
CVSS Base Score: 3.5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97034>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)**
Affected Product and Version(s)
| Product and Version shipped as a component
—|—
Tivoli Network Manager 3.8| Bundled the TIP version 1.1.1.x,
Tivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x,
Tivoli Network Manager 4.1 and 4.1.1| Bundled the TIP version 2.2.0.x
Upgrade TIP interim fix as determined below:
<http://www-01.ibm.com/support/docview.wss?uid=swg21687541>