Cross-Site Scripting Vulnerability in IBM Tivoli Endpoint Manager
CVE-2014-6137

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Endpoint Manager
Vendor: CVE Published:; 16 February 2015

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Relay Diagnostic page of IBM Tivoli Endpoint Manager versions prior to 9.1.1229. This flaw allows remote attackers to inject arbitrary web scripts or HTML via unspecified vectors, potentially compromising the integrity of user data and application security. Attackers may exploit this vulnerability to execute malicious scripts in the context of users' browsers, affecting their sessions and leading to unauthorized actions or data exposure.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96817

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21692516

x_refsource_CONFIRM

http://www.securityfocus.com/bid/72559

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 16, 2015
Vulnerability Reserved
Sep 2, 2014