{"api_version":"1","generated_at":"2026-05-06T14:20:08+00:00","cve":"CVE-2014-4787","urls":{"html":"https://cve.report/CVE-2014-4787","api":"https://cve.report/api/cve/CVE-2014-4787.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-4787","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-4787"},"summary":{"title":"CVE-2014-4787","description":"Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2014-09-10 10:55:00","updated_at":"2017-08-29 01:35:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/69722","name":"69722","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"IBM Initiate Master Data Service CVE-2014-4787 Unspecified Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21682450","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21682450","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: Multiple Vulnerabilities in IBM Initiate Master Data Service (CVE-2014-4789, CVE-2014-4788, CVE-2014-4787, CVE-2014-4786, CVE-2014-4785, CVE-2014-4784, CVE-2014-4783)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60996","name":"60996","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95034","name":"ibm-imds-cve20144787-xss(95034)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-4787","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4787","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"9.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"9.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"9.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4787","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"initiate_master_data_service","cpe6":"9.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2014-4787","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21682450","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21682450"},{"name":"60996","refsource":"SECUNIA","url":"http://secunia.com/advisories/60996"},{"name":"ibm-imds-cve20144787-xss(95034)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"},{"name":"69722","refsource":"BID","url":"http://www.securityfocus.com/bid/69722"}]}},"nvd":{"publishedDate":"2014-09-10 10:55:00","lastModifiedDate":"2017-08-29 01:35:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:initiate_master_data_service:9.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:initiate_master_data_service:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:initiate_master_data_service:9.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:initiate_master_data_service:10.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"4787","Ordinal":"71760","Title":"CVE-2014-4787","CVE":"CVE-2014-4787","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"4787","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"4787","Ordinal":"2","NoteData":"2014-09-10","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"4787","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}