CVE-2014-0843

Опубликовано: 26 фев. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21665005
Patch
Vendor Advisory
http://www.securityfocus.com/bid/65730
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90714
http://www-01.ibm.com/support/docview.wss?uid=swg21665005
Patch
Vendor Advisory
http://www.securityfocus.com/bid/65730
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90714

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00251

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wc83-j7mg-m426

github

больше 3 лет назад