IBM Tivoli Business Service Manager CVE 2014-3031 Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	69180
Class:	Input Validation Error
CVE:	CVE-2014-3031
Remote:	Yes
Local:	No
Published:	Aug 01 2014 12:00AM
Updated:	Aug 01 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Tivoli Business Service Manager 4.2.1 IBM Tivoli Business Service Manager 4.2
Not Vulnerable:

IBM Tivoli Business Service Manager CVE 2014-3031 Unspecified Cross Site Scripting Vulnerability

IBM Tivoli Business Service Manager is prone to an unspecified cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Tivoli Business Service Manager 4.2 and 4.2.1 are vulnerable.

IBM Tivoli Business Service Manager CVE 2014-3031 Unspecified Cross Site Scripting Vulnerability

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

IBM Tivoli Business Service Manager CVE 2014-3031 Unspecified Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Tivoli Business Service Manager CVE 2014-3031 Unspecified Cross Site Scripting Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Vulnerabilities reported in Tivoli Business Service Manager (ibm)