Cross-Site Scripting Vulnerability in IBM Rational Focal Point
CVE-2014-0843

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Focal Point
Vendor: CVE Published:; 26 February 2014

Summary

A cross-site scripting (XSS) vulnerability exists within IBM Rational Focal Point versions 6.4.x, 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1. This flaw allows remote authenticated users to execute arbitrary web scripts or HTML through the upload of malicious files. As a result, attackers can compromise the security of the application and potentially manipulate user sessions or steal sensitive information.

References

http://www.securityfocus.com/bid/65730

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21665005

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/90714

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 26, 2014
Vulnerability Reserved
Jan 6, 2014