CVE-2014-4770: XSS
First published: Tue Sep 23 2014(Updated: )
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.28 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.30 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.32 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.35 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.37 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.39 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.41 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.43 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.35 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.37 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.39 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.41 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.43 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.45 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.47 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.18 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/61418
- http://secunia.com/advisories/61423
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055
- http://www-01.ibm.com/support/docview.wss?uid=swg21682767
- http://www.kb.cert.org/vuls/id/573356
- http://www.securityfocus.com/bid/69981
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95209
Frequently Asked Questions
What is the severity of CVE-2014-4770?
The severity of CVE-2014-4770 is considered medium due to its potential for exploitation through cross-site scripting.
How do I fix CVE-2014-4770?
To fix CVE-2014-4770, upgrade your IBM WebSphere Application Server to a version above the affected versions listed in the vulnerability report.
Which versions of IBM WebSphere Application Server are affected by CVE-2014-4770?
CVE-2014-4770 affects IBM WebSphere Application Server versions 6.x through 8.5.5.3 before the specified fix releases.
What type of vulnerability is CVE-2014-4770?
CVE-2014-4770 is classified as a cross-site scripting (XSS) vulnerability.
Can CVE-2014-4770 be exploited by unauthenticated users?
CVE-2014-4770 requires remote authenticated administrators to exploit the vulnerability via a crafted URL.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/6.0
- version/ibm websphere application server feature pack for web services/6.0.0.1
- version/ibm websphere application server feature pack for web services/6.0.0.2
- version/ibm websphere application server feature pack for web services/6.0.0.3
- version/ibm websphere application server feature pack for web services/6.0.1
- version/ibm websphere application server feature pack for web services/6.0.1.1
- version/ibm websphere application server feature pack for web services/6.0.1.2
- version/ibm websphere application server feature pack for web services/6.0.1.3
- version/ibm websphere application server feature pack for web services/6.0.1.5
- version/ibm websphere application server feature pack for web services/6.0.1.7
- version/ibm websphere application server feature pack for web services/6.0.1.9
- version/ibm websphere application server feature pack for web services/6.0.1.11
- version/ibm websphere application server feature pack for web services/6.0.1.13
- version/ibm websphere application server feature pack for web services/6.0.1.15
- version/ibm websphere application server feature pack for web services/6.0.1.17
- version/ibm websphere application server feature pack for web services/6.0.2
- version/ibm websphere application server feature pack for web services/6.0.2.1
- version/ibm websphere application server feature pack for web services/6.0.2.2
- version/ibm websphere application server feature pack for web services/6.0.2.3
- version/ibm websphere application server feature pack for web services/6.0.2.4
- version/ibm websphere application server feature pack for web services/6.0.2.5
- version/ibm websphere application server feature pack for web services/6.0.2.6
- version/ibm websphere application server feature pack for web services/6.0.2.7
- version/ibm websphere application server feature pack for web services/6.0.2.9
- version/ibm websphere application server feature pack for web services/6.0.2.11
- version/ibm websphere application server feature pack for web services/6.0.2.13
- version/ibm websphere application server feature pack for web services/6.0.2.15
- version/ibm websphere application server feature pack for web services/6.0.2.17
- version/ibm websphere application server feature pack for web services/6.0.2.19
- version/ibm websphere application server feature pack for web services/6.0.2.22
- version/ibm websphere application server feature pack for web services/6.0.2.23
- version/ibm websphere application server feature pack for web services/6.0.2.24
- version/ibm websphere application server feature pack for web services/6.0.2.25
- version/ibm websphere application server feature pack for web services/6.0.2.27
- version/ibm websphere application server feature pack for web services/6.0.2.28
- version/ibm websphere application server feature pack for web services/6.0.2.29
- version/ibm websphere application server feature pack for web services/6.0.2.30
- version/ibm websphere application server feature pack for web services/6.0.2.31
- version/ibm websphere application server feature pack for web services/6.0.2.32
- version/ibm websphere application server feature pack for web services/6.0.2.33
- version/ibm websphere application server feature pack for web services/6.0.2.35
- version/ibm websphere application server feature pack for web services/6.0.2.37
- version/ibm websphere application server feature pack for web services/6.0.2.39
- version/ibm websphere application server feature pack for web services/6.0.2.41
- version/ibm websphere application server feature pack for web services/6.0.2.43
- version/ibm websphere application server feature pack for web services/6.1
- version/ibm websphere application server feature pack for web services/6.1.0
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.5
- version/ibm websphere application server feature pack for web services/6.1.0.7
- version/ibm websphere application server feature pack for web services/6.1.0.9
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.1.0.13
- version/ibm websphere application server feature pack for web services/6.1.0.14
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1.0.23
- version/ibm websphere application server feature pack for web services/6.1.0.25
- version/ibm websphere application server feature pack for web services/6.1.0.27
- version/ibm websphere application server feature pack for web services/6.1.0.29
- version/ibm websphere application server feature pack for web services/6.1.0.31
- version/ibm websphere application server feature pack for web services/6.1.0.33
- version/ibm websphere application server feature pack for web services/6.1.0.35
- version/ibm websphere application server feature pack for web services/6.1.0.37
- version/ibm websphere application server feature pack for web services/6.1.0.39
- version/ibm websphere application server feature pack for web services/6.1.0.41
- version/ibm websphere application server feature pack for web services/6.1.0.43
- version/ibm websphere application server feature pack for web services/6.1.0.45
- version/ibm websphere application server feature pack for web services/6.1.0.47
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/7.0.0.1
- version/ibm websphere application server feature pack for web services/7.0.0.2
- version/ibm websphere application server feature pack for web services/7.0.0.3
- version/ibm websphere application server feature pack for web services/7.0.0.4
- version/ibm websphere application server feature pack for web services/7.0.0.5
- version/ibm websphere application server feature pack for web services/7.0.0.6
- version/ibm websphere application server feature pack for web services/7.0.0.7
- version/ibm websphere application server feature pack for web services/7.0.0.8
- version/ibm websphere application server feature pack for web services/7.0.0.9
- version/ibm websphere application server feature pack for web services/7.0.0.10
- version/ibm websphere application server feature pack for web services/7.0.0.11
- version/ibm websphere application server feature pack for web services/7.0.0.12
- version/ibm websphere application server feature pack for web services/7.0.0.13
- version/ibm websphere application server feature pack for web services/7.0.0.14
- version/ibm websphere application server feature pack for web services/7.0.0.15
- version/ibm websphere application server feature pack for web services/7.0.0.16
- version/ibm websphere application server feature pack for web services/7.0.0.17
- version/ibm websphere application server feature pack for web services/7.0.0.18
- version/ibm websphere application server feature pack for web services/7.0.0.19
- version/ibm websphere application server feature pack for web services/7.0.0.21
- version/ibm websphere application server feature pack for web services/7.0.0.22
- version/ibm websphere application server feature pack for web services/7.0.0.23
- version/ibm websphere application server feature pack for web services/7.0.0.24
- version/ibm websphere application server feature pack for web services/7.0.0.25
- version/ibm websphere application server feature pack for web services/7.0.0.27
- version/ibm websphere application server feature pack for web services/7.0.0.29
- version/ibm websphere application server feature pack for web services/7.0.0.31
- version/ibm websphere application server feature pack for web services/7.0.0.33
- version/ibm websphere application server feature pack for web services/8.0.0.0
- version/ibm websphere application server feature pack for web services/8.0.0.1
- version/ibm websphere application server feature pack for web services/8.0.0.2
- version/ibm websphere application server feature pack for web services/8.0.0.3
- version/ibm websphere application server feature pack for web services/8.0.0.4
- version/ibm websphere application server feature pack for web services/8.0.0.5
- version/ibm websphere application server feature pack for web services/8.0.0.6
- version/ibm websphere application server feature pack for web services/8.0.0.7
- version/ibm websphere application server feature pack for web services/8.0.0.8
- version/ibm websphere application server feature pack for web services/8.0.0.9
- version/ibm websphere application server feature pack for web services/8.5.0.0
- version/ibm websphere application server feature pack for web services/8.5.0.1
- version/ibm websphere application server feature pack for web services/8.5.0.2
- version/ibm websphere application server feature pack for web services/8.5.5.0
- version/ibm websphere application server feature pack for web services/8.5.5.2
- version/ibm websphere application server feature pack for web services/8.5.5.3