Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0932

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-0932
Last Modified 02 Sep 2015 12:53:04
Published 21 Apr 2014 06:55:08
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-0932

Summary

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Vulnerable Systems

Application

  • Ibm Sterling Order Management 8.5

  • Ibm Sterling Selling And Fulfillment Foundation 9.0


References

XF - ibm-sterlingom-cve20140932-xss(92264)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21670912

AIXAPAR - IT00419

BID - 66993


Last Updated: 27 May 2016 11:05:02