CVE-2014-0957

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 18 July 2014

Summary

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR49990

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21679064

x_refsource_CONFIRM

http://secunia.com/advisories/59557

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 18, 2014
Vulnerability Reserved
Jan 6, 2014