What is the severity of CVE-2014-8898?

The severity of CVE-2014-8898 is considered moderate due to its cross-site scripting (XSS) nature that can lead to unauthorized access to sensitive information.

How do I fix CVE-2014-8898?

To fix CVE-2014-8898, it is recommended to apply the latest fixes and patches provided by IBM for the affected versions of the software.

Which versions are affected by CVE-2014-8898?

CVE-2014-8898 affects IBM InfoSphere Master Data Management Server for Product Information Management versions 9.x through 9.1 and various 10.x, 11.0, 11.3, and 11.4 versions before their respective fixes.

What can an attacker do with CVE-2014-8898?

An attacker can exploit CVE-2014-8898 to execute malicious scripts in the context of a user's session, potentially compromising sensitive data.

Is user input validation a solution for CVE-2014-8898?

Implementing stringent user input validation can help mitigate the risks associated with CVE-2014-8898.

Vulnerability/
CVE-2014-8898

low

3.5

CWE

22/12/2014

6/8/2024

CVE-2014-8898: XSS

First published: Mon Dec 22 2014(Updated: )

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.1
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.2
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.3
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.4
Ibm Infosphere Master Data Management Collaborative Server	=10.0.0.5
Ibm Infosphere Master Data Management Collaborative Server	=10.1.0
Ibm Infosphere Master Data Management Collaborative Server	=11.0
Ibm Infosphere Master Data Management Collaborative Server	=11.3
Ibm Infosphere Master Data Management Collaborative Server	=11.4
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.1
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.2
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.3
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.4
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.5
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.6
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.7
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0.0.8
IBM InfoSphere Master Data Management Server for Product Information Management	=9.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8898?
The severity of CVE-2014-8898 is considered moderate due to its cross-site scripting (XSS) nature that can lead to unauthorized access to sensitive information.
How do I fix CVE-2014-8898?
To fix CVE-2014-8898, it is recommended to apply the latest fixes and patches provided by IBM for the affected versions of the software.
Which versions are affected by CVE-2014-8898?
CVE-2014-8898 affects IBM InfoSphere Master Data Management Server for Product Information Management versions 9.x through 9.1 and various 10.x, 11.0, 11.3, and 11.4 versions before their respective fixes.
What can an attacker do with CVE-2014-8898?
An attacker can exploit CVE-2014-8898 to execute malicious scripts in the context of a user's session, potentially compromising sensitive data.
Is user input validation a solution for CVE-2014-8898?
Implementing stringent user input validation can help mitigate the risks associated with CVE-2014-8898.

collector/nvd-index
agent/references
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/first-publish-date
agent/event
agent/tags
agent/description
agent/source
vendor/ibm
canonical/ibm infosphere master data management collaborative server
version/ibm infosphere master data management collaborative server/10.0.0
version/ibm infosphere master data management collaborative server/10.0.0.1
version/ibm infosphere master data management collaborative server/10.0.0.2
version/ibm infosphere master data management collaborative server/10.0.0.3
version/ibm infosphere master data management collaborative server/10.0.0.4
version/ibm infosphere master data management collaborative server/10.0.0.5
version/ibm infosphere master data management collaborative server/10.1.0
version/ibm infosphere master data management collaborative server/11.0
version/ibm infosphere master data management collaborative server/11.3
version/ibm infosphere master data management collaborative server/11.4
canonical/ibm infosphere master data management server for product information management
version/ibm infosphere master data management server for product information management/9.0.0
version/ibm infosphere master data management server for product information management/9.0.0.1
version/ibm infosphere master data management server for product information management/9.0.0.2
version/ibm infosphere master data management server for product information management/9.0.0.3
version/ibm infosphere master data management server for product information management/9.0.0.4
version/ibm infosphere master data management server for product information management/9.0.0.5
version/ibm infosphere master data management server for product information management/9.0.0.6
version/ibm infosphere master data management server for product information management/9.0.0.7
version/ibm infosphere master data management server for product information management/9.0.0.8
version/ibm infosphere master data management server for product information management/9.1.0