CVE-2014-6137

Published: Feb 16, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (1)

Products: Ibm: Tivoli Endpoint Manager

Ibm

1 product

Tivoli Endpoint Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Endpoint Manager	Up to 9.1.1117

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg21692516

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/72559

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/96817

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21692516

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/72559

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/96817

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.