What is the severity of CVE-2014-6171?

The severity of CVE-2014-6171 is considered to be medium, as it allows for cross-site scripting attacks.

How do I fix CVE-2014-6171?

To fix CVE-2014-6171, update your IBM WebSphere Portal to the latest version that addresses this vulnerability.

What kind of attacks can be executed due to CVE-2014-6171?

CVE-2014-6171 allows attackers to inject arbitrary web scripts or HTML through crafted URLs.

Which versions of IBM WebSphere Portal are affected by CVE-2014-6171?

CVE-2014-6171 affects IBM WebSphere Portal versions between 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0.0 through 7.0.0.2, 8.0.0 through 8.0.0.1, and 8.5.0 before CF04.

Is CVE-2014-6171 a remote vulnerability?

Yes, CVE-2014-6171 is a remote vulnerability that can be exploited by attackers without physical access to the system.

Vulnerability/
CVE-2014-6171

medium

4.3

CWE

19/12/2014

6/8/2024

CVE-2014-6171: XSS

First published: Fri Dec 19 2014(Updated: )

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Portal	=6.1.0.0
IBM WebSphere Portal	=6.1.0.1
IBM WebSphere Portal	=6.1.0.2
IBM WebSphere Portal	=6.1.0.3
IBM WebSphere Portal	=6.1.0.4
IBM WebSphere Portal	=6.1.0.5
IBM WebSphere Portal	=6.1.0.6
IBM WebSphere Portal	=6.1.5.0
IBM WebSphere Portal	=6.1.5.1
IBM WebSphere Portal	=6.1.5.2
IBM WebSphere Portal	=6.1.5.3
IBM WebSphere Portal	=7.0.0.0
IBM WebSphere Portal	=7.0.0.1
IBM WebSphere Portal	=7.0.0.2
IBM WebSphere Portal	=8.0.0.0
IBM WebSphere Portal	=8.0.0.1
IBM WebSphere Portal	=8.5.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-6171?
The severity of CVE-2014-6171 is considered to be medium, as it allows for cross-site scripting attacks.
How do I fix CVE-2014-6171?
To fix CVE-2014-6171, update your IBM WebSphere Portal to the latest version that addresses this vulnerability.
What kind of attacks can be executed due to CVE-2014-6171?
CVE-2014-6171 allows attackers to inject arbitrary web scripts or HTML through crafted URLs.
Which versions of IBM WebSphere Portal are affected by CVE-2014-6171?
CVE-2014-6171 affects IBM WebSphere Portal versions between 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0.0 through 7.0.0.2, 8.0.0 through 8.0.0.1, and 8.5.0 before CF04.
Is CVE-2014-6171 a remote vulnerability?
Yes, CVE-2014-6171 is a remote vulnerability that can be exploited by attackers without physical access to the system.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/references
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere portal
version/ibm websphere portal/6.1.0.0
version/ibm websphere portal/6.1.0.1
version/ibm websphere portal/6.1.0.2
version/ibm websphere portal/6.1.0.3
version/ibm websphere portal/6.1.0.4
version/ibm websphere portal/6.1.0.5
version/ibm websphere portal/6.1.0.6
version/ibm websphere portal/6.1.5.0
version/ibm websphere portal/6.1.5.1
version/ibm websphere portal/6.1.5.2
version/ibm websphere portal/6.1.5.3
version/ibm websphere portal/7.0.0.0
version/ibm websphere portal/7.0.0.1
version/ibm websphere portal/7.0.0.2
version/ibm websphere portal/8.0.0.0
version/ibm websphere portal/8.0.0.1
version/ibm websphere portal/8.5.0.0