CVE-2014-4787

Published: Sep 10, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected (4)

Products: Ibm: Initiate Master Data Service

1 product

Initiate Master Data Service

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Initiate Master Data Service	Version 10.0
Ibm Initiate Master Data Service	Version 10.1
Ibm Initiate Master Data Service	Version 9.5
Ibm Initiate Master Data Service	Version 9.7

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://secunia.com/advisories/60996

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21682450

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/69722

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/95034

Source: psirt@us.ibm.com

http://secunia.com/advisories/60996

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21682450

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/69722

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/95034

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.