CVE-2014-8898

Published Dec 22, 2014

Last updated 7 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8577AB42-5DEC-4A63-8C93-3BAE3D6265A1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B8FE373-1126-4806-8DDB-CFBAB0690006"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC8CC05F-3B72-4C9F-85F9-4446B8C74C31"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5CE9AFB-30BF-49D8-AAFA-C8F120912B06"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12EDD429-5305-4CD8-864F-98E574EC0010"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.0.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "330F5405-864D-44D1-A06A-43208E7F0AAA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:10.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4E20728-360E-4208-9FAC-3781BDA8AD64"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CC3B259-A0C8-471C-B332-64474ECDA569"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24A1AE30-B0DB-4F6D-A1B4-BB816718468E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaborative_server:11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F3A6405-D576-4DD8-A7F4-3BB9CED6F543"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "255039A5-70E0-4C50-A34E-8CDC3AFAAD50"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BABC3C74-CE99-4B42-A559-190098822B2F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11E2F90E-B197-41EC-8398-25EE0F323D6E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7CDB76F-F162-473E-BD26-B956588D6026"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62A95C75-51DC-465C-9879-122D72B60DF1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94F59737-9ADF-494E-9E29-4B07665040B5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CBE4A06-5132-48B0-A98C-2E40EB6414DA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E45B2EE-65CE-4BA1-89C6-D36A5A3DF53F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB923724-22AC-4EDC-875C-88210BDDDA5E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70B31406-D67C-4574-914F-49794A437D5D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References