What is the severity of CVE-2014-8897?

CVE-2014-8897 is classified as a medium severity cross-site scripting (XSS) vulnerability.

How do I fix CVE-2014-8897?

To fix CVE-2014-8897, apply the latest patches provided by IBM for affected versions of InfoSphere Master Data Management.

What versions are affected by CVE-2014-8897?

CVE-2014-8897 affects IBM InfoSphere Master Data Management Server versions 9.x to 9.1 and versions 10.x through 10.1, as well as specific 11.x versions before 11.4 FP1.

Can CVE-2014-8897 be exploited remotely?

Yes, CVE-2014-8897 can be exploited remotely by attackers through crafted scripts submitted to the Collaboration Server.

Is there a workaround for CVE-2014-8897?

IBM recommends upgrading to the latest versions as the primary method of mitigating the risk associated with CVE-2014-8897.

Vulnerability/
CVE-2014-8897

low

3.5

CWE

22/12/2014

6/8/2024

CVE-2014-8897: XSS

First published: Mon Dec 22 2014(Updated: )

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8898 and CVE-2014-8899.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.1
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.2
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.3
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.4
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.5
Ibm Infosphere Master Data Management Collaborative Server	=10.1.0
Ibm Infosphere Master Data Management Collaborative Server	=11.0
Ibm Infosphere Master Data Management Collaborative Server	=11.3
Ibm Infosphere Master Data Management Collaborative Server	=11.4
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.1
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.2
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.3
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.4
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.5
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.6
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.7
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.8
IBM InfoSphere Master Data Management Server for Product Information Management	=9.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8897?
CVE-2014-8897 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2014-8897?
To fix CVE-2014-8897, apply the latest patches provided by IBM for affected versions of InfoSphere Master Data Management.
What versions are affected by CVE-2014-8897?
CVE-2014-8897 affects IBM InfoSphere Master Data Management Server versions 9.x to 9.1 and versions 10.x through 10.1, as well as specific 11.x versions before 11.4 FP1.
Can CVE-2014-8897 be exploited remotely?
Yes, CVE-2014-8897 can be exploited remotely by attackers through crafted scripts submitted to the Collaboration Server.
Is there a workaround for CVE-2014-8897?
IBM recommends upgrading to the latest versions as the primary method of mitigating the risk associated with CVE-2014-8897.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/first-publish-date
agent/event
agent/tags
agent/description
agent/source
vendor/ibm
canonical/ibm infosphere master data management collaborative server
version/ibm infosphere master data management collaborative server/10.0.0
version/ibm infosphere master data management collaborative server/10.0.0.1
version/ibm infosphere master data management collaborative server/10.0.0.2
version/ibm infosphere master data management collaborative server/10.0.0.3
version/ibm infosphere master data management collaborative server/10.0.0.4
version/ibm infosphere master data management collaborative server/10.0.0.5
version/ibm infosphere master data management collaborative server/10.1.0
version/ibm infosphere master data management collaborative server/11.0
version/ibm infosphere master data management collaborative server/11.3
version/ibm infosphere master data management collaborative server/11.4
canonical/ibm infosphere master data management server for product information management
version/ibm infosphere master data management server for product information management/9.0.0
version/ibm infosphere master data management server for product information management/9.0.0.1
version/ibm infosphere master data management server for product information management/9.0.0.2
version/ibm infosphere master data management server for product information management/9.0.0.3
version/ibm infosphere master data management server for product information management/9.0.0.4
version/ibm infosphere master data management server for product information management/9.0.0.5
version/ibm infosphere master data management server for product information management/9.0.0.6
version/ibm infosphere master data management server for product information management/9.0.0.7
version/ibm infosphere master data management server for product information management/9.0.0.8
version/ibm infosphere master data management server for product information management/9.1.0