CVE-2014-8909: XSS
First published: Fri Feb 13 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =6.1.0.0 | |
| IBM WebSphere Portal | =6.1.0.1 | |
| IBM WebSphere Portal | =6.1.0.2 | |
| IBM WebSphere Portal | =6.1.0.3 | |
| IBM WebSphere Portal | =6.1.0.4 | |
| IBM WebSphere Portal | =6.1.0.5 | |
| IBM WebSphere Portal | =6.1.0.6 | |
| IBM WebSphere Portal | =6.1.5.0 | |
| IBM WebSphere Portal | =6.1.5.1 | |
| IBM WebSphere Portal | =6.1.5.2 | |
| IBM WebSphere Portal | =6.1.5.3 | |
| IBM WebSphere Portal | =7.0.0.0 | |
| IBM WebSphere Portal | =7.0.0.1 | |
| IBM WebSphere Portal | =8.0.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-8909?
CVE-2014-8909 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2014-8909?
To fix CVE-2014-8909, you should upgrade IBM WebSphere Portal to version 8.0.0.1 CF15 or 8.5.0 CF05 or later.
Who is affected by CVE-2014-8909?
CVE-2014-8909 affects users of IBM WebSphere Portal versions 6.1.0 through 8.0.0.x prior to the specified CF releases.
What type of attack is possible with CVE-2014-8909?
CVE-2014-8909 allows remote authenticated users to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
When was CVE-2014-8909 disclosed?
CVE-2014-8909 was disclosed in December 2014, highlighting security considerations for users of various IBM WebSphere Portal versions.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/6.1.0.0
- version/ibm websphere portal/6.1.0.1
- version/ibm websphere portal/6.1.0.2
- version/ibm websphere portal/6.1.0.3
- version/ibm websphere portal/6.1.0.4
- version/ibm websphere portal/6.1.0.5
- version/ibm websphere portal/6.1.0.6
- version/ibm websphere portal/6.1.5.0
- version/ibm websphere portal/6.1.5.1
- version/ibm websphere portal/6.1.5.2
- version/ibm websphere portal/6.1.5.3
- version/ibm websphere portal/7.0.0.0
- version/ibm websphere portal/7.0.0.1
- version/ibm websphere portal/8.0.0.0