CVE-2014-0917
Vulnerability from cvelistv5
Published
2014-05-16 10:00
Modified
2024-08-06 09:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670753Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/67339
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91979
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670753Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67339
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91979
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:39.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67339",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67339"
          },
          {
            "name": "PI14125",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
          },
          {
            "name": "ibm-iehs-cve20140917-xss(91979)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "67339",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67339"
        },
        {
          "name": "PI14125",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
        },
        {
          "name": "ibm-iehs-cve20140917-xss(91979)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0917",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67339",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67339"
            },
            {
              "name": "PI14125",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
            },
            {
              "name": "ibm-iehs-cve20140917-xss(91979)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0917",
    "datePublished": "2014-05-16T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:34:39.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E618064A-3D05-4DC6-9A47-0EDF2427642F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DE74154-3E79-4D56-96C4-D8E644F1419D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA915826-5D89-43E9-83E7-88973648302A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5DB29F4-59AB-439C-91C4-CDF677676C26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D6CA922-11EF-4315-A09A-B4A8937E4CF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"526738D7-1AF8-4A8F-B833-BA0E35973A3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13D6BE9C-16FD-4FB4-8A87-56B42C246316\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F1964FC-672F-4139-938F-A8EF9D86D9C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5B50CEA-AFC4-4B45-9954-519965237FC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0902AC0F-EA4D-4E65-A70A-15DE9B904B35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D808F95D-C6BD-43EB-B16C-66449977BCFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D303B0B9-CDAB-409B-AE44-512D4791C36F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5C645C1-21E3-48A8-A1A5-9519CB845493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6ECEE98-B276-4ED6-AA5A-109EA57E9925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*\", \"matchCriteriaId\": \"2991B76F-8E96-45A9-8B9D-942AF93755E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*\", \"matchCriteriaId\": \"041D220D-2088-4633-B1AA-8902AD1C6BD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*\", \"matchCriteriaId\": \"53B376AE-7AA9-4362-9CB2-17B3AB783FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*\", \"matchCriteriaId\": \"84D744C2-DA4B-4F04-894F-7820FDC49A04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*\", \"matchCriteriaId\": \"4713D128-6C5F-4362-A0E2-363F81D9BCA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*\", \"matchCriteriaId\": \"67E76EE5-B618-49AA-A489-1BD7E45D391F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC001899-F77A-4EED-BC6D-8400FF4354EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*\", \"matchCriteriaId\": \"05426398-FE6A-4E4A-9C46-4675B5FAD915\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*\", \"matchCriteriaId\": \"29E0A9B5-945C-4859-BE83-56B34544350B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*\", \"matchCriteriaId\": \"10E59411-D50B-4A34-84C7-7563D301764A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E4FF84B-A17F-464B-A718-67C44D2C69BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*\", \"matchCriteriaId\": \"B469E735-0DCE-4616-B3FE-DED75FEAC642\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0ACFABA-E470-4043-B8E7-ACE2F9781D44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D2FA62F-EEB7-4312-9359-FDA8E4743A81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2D98D3D-18DC-47CF-BED8-CD61A531D858\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*\", \"matchCriteriaId\": \"9326CFC3-D9A7-43CE-8673-FD009F7A1F44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*\", \"matchCriteriaId\": \"B34D73EE-1E9D-4896-B2A2-D1463C13F399\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*\", \"matchCriteriaId\": \"96B7FB90-D1F8-4D83-B954-A1990400BC27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE4C07B8-CC26-4F83-8BA8-8702594CBB4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*\", \"matchCriteriaId\": \"22C95FC9-0342-4ACC-B4F8-052554771D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*\", \"matchCriteriaId\": \"62AA773F-7D18-41F7-8561-81D83336E6FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C17D73E-9F0B-4C11-8C1D-A3987DED44F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*\", \"matchCriteriaId\": \"53DDB154-F94B-47F8-964B-34EFE2C99370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*\", \"matchCriteriaId\": \"10FCF563-A945-425A-A577-37867CF05CC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*\", \"matchCriteriaId\": \"8373D2A7-EC57-4336-A877-B5D262F05191\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A005963-7EF6-40D4-A54B-E3749ED5B587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*\", \"matchCriteriaId\": \"4210F236-A2B1-49F2-A16E-65BB513ECBA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C90EF7A4-8181-42C3-BB95-395D0DD94C14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A5566C6-E42F-4786-A8FC-59BE7EB47296\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*\", \"matchCriteriaId\": \"31C0EC0E-0106-4333-8401-0F655C0F5850\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E4DA0C-9F97-4856-B9DE-D96994A65B71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*\", \"matchCriteriaId\": \"4180809C-4A1E-4DB4-9E7C-641B753B97D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A60A788-F7B3-4922-8B30-8F586B1685CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F40E0F5-B964-4BDC-828E-7571619F7C5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A07791C-5EDE-4C2B-A441-6599339ED43F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE6F9920-B458-496B-B0C0-BF8B85606BF8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de una URL manipulada.\"}]",
      "id": "CVE-2014-0917",
      "lastModified": "2024-11-21T02:03:02.270",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-05-16T11:12:00.367",
      "references": "[{\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21670753\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/67339\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/91979\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21670753\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/67339\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/91979\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0917\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2014-05-16T11:12:00.367\",\"lastModified\":\"2024-11-21T02:03:02.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E618064A-3D05-4DC6-9A47-0EDF2427642F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE74154-3E79-4D56-96C4-D8E644F1419D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA915826-5D89-43E9-83E7-88973648302A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DB29F4-59AB-439C-91C4-CDF677676C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D6CA922-11EF-4315-A09A-B4A8937E4CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"526738D7-1AF8-4A8F-B833-BA0E35973A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D6BE9C-16FD-4FB4-8A87-56B42C246316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F1964FC-672F-4139-938F-A8EF9D86D9C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B50CEA-AFC4-4B45-9954-519965237FC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0902AC0F-EA4D-4E65-A70A-15DE9B904B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D808F95D-C6BD-43EB-B16C-66449977BCFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D303B0B9-CDAB-409B-AE44-512D4791C36F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5C645C1-21E3-48A8-A1A5-9519CB845493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6ECEE98-B276-4ED6-AA5A-109EA57E9925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*\",\"matchCriteriaId\":\"2991B76F-8E96-45A9-8B9D-942AF93755E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*\",\"matchCriteriaId\":\"041D220D-2088-4633-B1AA-8902AD1C6BD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B376AE-7AA9-4362-9CB2-17B3AB783FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D744C2-DA4B-4F04-894F-7820FDC49A04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*\",\"matchCriteriaId\":\"4713D128-6C5F-4362-A0E2-363F81D9BCA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E76EE5-B618-49AA-A489-1BD7E45D391F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC001899-F77A-4EED-BC6D-8400FF4354EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*\",\"matchCriteriaId\":\"05426398-FE6A-4E4A-9C46-4675B5FAD915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*\",\"matchCriteriaId\":\"29E0A9B5-945C-4859-BE83-56B34544350B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E59411-D50B-4A34-84C7-7563D301764A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E4FF84B-A17F-464B-A718-67C44D2C69BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*\",\"matchCriteriaId\":\"B469E735-0DCE-4616-B3FE-DED75FEAC642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0ACFABA-E470-4043-B8E7-ACE2F9781D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D2FA62F-EEB7-4312-9359-FDA8E4743A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D98D3D-18DC-47CF-BED8-CD61A531D858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*\",\"matchCriteriaId\":\"9326CFC3-D9A7-43CE-8673-FD009F7A1F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*\",\"matchCriteriaId\":\"B34D73EE-1E9D-4896-B2A2-D1463C13F399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B7FB90-D1F8-4D83-B954-A1990400BC27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE4C07B8-CC26-4F83-8BA8-8702594CBB4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C95FC9-0342-4ACC-B4F8-052554771D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*\",\"matchCriteriaId\":\"62AA773F-7D18-41F7-8561-81D83336E6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C17D73E-9F0B-4C11-8C1D-A3987DED44F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*\",\"matchCriteriaId\":\"53DDB154-F94B-47F8-964B-34EFE2C99370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FCF563-A945-425A-A577-37867CF05CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*\",\"matchCriteriaId\":\"8373D2A7-EC57-4336-A877-B5D262F05191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A005963-7EF6-40D4-A54B-E3749ED5B587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*\",\"matchCriteriaId\":\"4210F236-A2B1-49F2-A16E-65BB513ECBA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90EF7A4-8181-42C3-BB95-395D0DD94C14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5566C6-E42F-4786-A8FC-59BE7EB47296\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C0EC0E-0106-4333-8401-0F655C0F5850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E4DA0C-9F97-4856-B9DE-D96994A65B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*\",\"matchCriteriaId\":\"4180809C-4A1E-4DB4-9E7C-641B753B97D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A60A788-F7B3-4922-8B30-8F586B1685CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F40E0F5-B964-4BDC-828E-7571619F7C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A07791C-5EDE-4C2B-A441-6599339ED43F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE6F9920-B458-496B-B0C0-BF8B85606BF8\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21670753\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/67339\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/91979\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21670753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/67339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/91979\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.