CVE-2014-0843: XSS
First published: Tue Feb 25 2014(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Focal Point | =6.4 | |
| IBM Rational Focal Point | =6.4.0.1 | |
| IBM Rational Focal Point | =6.4.1.0 | |
| IBM Rational Focal Point | =6.4.1.1 | |
| IBM Rational Focal Point | =6.4.1.2 | |
| IBM Rational Focal Point | =6.4.1.3 | |
| IBM Rational Focal Point | =6.5 | |
| IBM Rational Focal Point | =6.5.0.1 | |
| IBM Rational Focal Point | =6.5.0.2 | |
| IBM Rational Focal Point | =6.5.1 | |
| IBM Rational Focal Point | =6.5.1.1 | |
| IBM Rational Focal Point | =6.5.2 | |
| IBM Rational Focal Point | =6.5.2.1 | |
| IBM Rational Focal Point | =6.5.2.2 | |
| IBM Rational Focal Point | =6.5.2.3 | |
| IBM Rational Focal Point | =6.6 | |
| IBM Rational Focal Point | =6.6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0843?
CVE-2014-0843 has a medium severity rating due to its potential for cross-site scripting attacks that can be exploited by authenticated users.
How do I fix CVE-2014-0843?
To fix CVE-2014-0843, update IBM Rational Focal Point to version 6.5.2.3 or later, or 6.6.1 or later.
What types of attacks can be executed via CVE-2014-0843?
CVE-2014-0843 allows attackers to perform cross-site scripting (XSS) attacks, injecting arbitrary web scripts or HTML.
Who is affected by CVE-2014-0843?
CVE-2014-0843 affects users of IBM Rational Focal Point versions 6.4.x, 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1.
Can CVE-2014-0843 be exploited without authentication?
No, CVE-2014-0843 requires an authenticated user to exploit the vulnerability by uploading a malicious file.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm rational focal point
- version/ibm rational focal point/6.4
- version/ibm rational focal point/6.4.0.1
- version/ibm rational focal point/6.4.1.0
- version/ibm rational focal point/6.4.1.1
- version/ibm rational focal point/6.4.1.2
- version/ibm rational focal point/6.4.1.3
- version/ibm rational focal point/6.5
- version/ibm rational focal point/6.5.0.1
- version/ibm rational focal point/6.5.0.2
- version/ibm rational focal point/6.5.1
- version/ibm rational focal point/6.5.1.1
- version/ibm rational focal point/6.5.2
- version/ibm rational focal point/6.5.2.1
- version/ibm rational focal point/6.5.2.2
- version/ibm rational focal point/6.5.2.3
- version/ibm rational focal point/6.6
- version/ibm rational focal point/6.6.0.1