CVE-2014-8899

Published: Dec 22, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8898.

Affected (20)

Products: Ibm: Infosphere Master Data Management Collaborative Server, Infosphere Master Data Management Server For Product Information Management

Ibm

2 products

Infosphere Master Data Management Collaborative Server

Infosphere Master Data Management Server For Product Information Management

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.1
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.2
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.3
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.4
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.5
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0
Ibm Infosphere Master Data Management Collaborative Server	Version 10.1.0
Ibm Infosphere Master Data Management Collaborative Server	Version 11.0
Ibm Infosphere Master Data Management Collaborative Server	Version 11.3
Ibm Infosphere Master Data Management Collaborative Server	Version 11.4

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.1
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.2
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.3
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.4
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.5
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.6
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.7
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.8
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.1.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21692176

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/99052

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21692176

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/99052

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.