CVE-2014-6121
Summary
| CVE | CVE-2014-6121 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-23 02:59:00 UTC |
| Updated | 2017-09-08 01:29:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Security Appscan | 8.5 | All | All | All |
| Application | Ibm | Security Appscan | 8.6 | All | All | All |
| Application | Ibm | Security Appscan | 8.7 | All | All | All |
| Application | Ibm | Security Appscan | 8.8 | All | All | All |
| Application | Ibm | Security Appscan | 9.0 | All | All | All |
| Application | Ibm | Security Appscan | 9.0.0.1 | All | All | All |
| Application | Ibm | Security Appscan | 8.5 | All | All | All |
| Application | Ibm | Security Appscan | 8.6 | All | All | All |
| Application | Ibm | Security Appscan | 8.7 | All | All | All |
| Application | Ibm | Security Appscan | 8.8 | All | All | All |
| Application | Ibm | Security Appscan | 9.0 | All | All | All |
| Application | Ibm | Security Appscan | 9.0.0.1 | All | All | All |
| Application | Ibm | Security Appscan Source | 9.0.1 | All | All | All |
| Application | Ibm | Security Appscan Source | 9.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IBM Security AppScan Enterprise Bugs Let Remote Users Conduct Cross-Site Scrpting Attacks and Gain Full Control of the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM Security Bulletin: Multiple vulnerabilities in AppScan Enterprise (CVE-2014-6135, CVE-2014-6119, CVE-2014-6122, CVE-2014-6121, CVE-2013-2566, CVE-2005-2969) - United States | CONFIRM | www-01.ibm.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.