fkie_nvd - fkie_cve-2014-0955

fkie_cve-2014-0955

Vulnerability from fkie_nvd

Published

2014-05-22 11:14

Modified

2024-11-21 02:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21672572	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/92628
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21672572	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/92628

Impacted products

Vendor	Product	Version
ibm	websphere_portal	8.0.0.0
ibm	websphere_portal	8.0.0.0
ibm	websphere_portal	8.0.0.0
ibm	websphere_portal	8.0.0.0
ibm	websphere_portal	8.0.0.0
ibm	websphere_portal	8.0.0.0
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1
ibm	websphere_portal	8.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
              "matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
              "matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
              "matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
              "matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
              "matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
              "matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
              "matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
              "matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
              "matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
              "matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
              "matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
              "matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0 anterior a 8.0.0.1 CF12, cuando Social Rendering en la integraci\u00f3n de Connections est\u00e1 habilitado, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-0955",
  "lastModified": "2024-11-21T02:03:06.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-22T11:14:14.723",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-0955

Vulnerability from cvelistv5

Published

2014-05-22 10:00

Modified

2024-08-06 09:34