Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8893

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-8893
Last Modified 17 Sep 2015 02:11:13
Published 28 Jan 2015 08:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-8893

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Vulnerable Systems

Application

  • Ibm Tririga Application Platform 3.2.1

  • Ibm Tririga Application Platform 3.3.2.0

  • Ibm Tririga Application Platform 3.3.2.1

  • Ibm Tririga Application Platform 3.3.2.2

  • Ibm Tririga Application Platform 3.4.0.0

  • Ibm Tririga Application Platform 3.4.0.1

  • Ibm Tririga Application Platform 3.4.1.0


References

XF - ibm-tririga-cve20148893-xss(99012)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21694767

SECUNIA - 62674


Last Updated: 27 May 2016 11:07:42