cvelistv5 - CVE-2014-8913

CVE-2014-8913 (GCVE-0-2014-8913)

Vulnerability from cvelistv5

Published

2015-01-21 11:00

Modified

2024-08-06 13:33

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/62205
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742	Patch, Vendor Advisory
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21693239	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1031614
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/99284
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62205
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21693239	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031614
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99284

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
          },
          {
            "name": "1031614",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031614"
          },
          {
            "name": "ibm-bpm-cve20148913-xss(99284)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
          },
          {
            "name": "JR51742",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "62205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
        },
        {
          "name": "1031614",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031614"
        },
        {
          "name": "ibm-bpm-cve20148913-xss(99284)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
        },
        {
          "name": "JR51742",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-8913",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62205"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
            },
            {
              "name": "1031614",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031614"
            },
            {
              "name": "ibm-bpm-cve20148913-xss(99284)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
            },
            {
              "name": "JR51742",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-8913",
    "datePublished": "2015-01-21T11:00:00",
    "dateReserved": "2014-11-14T00:00:00",
    "dateUpdated": "2024-08-06T13:33:13.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-8913\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2015-01-21T15:17:03.557\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a trav\u00e9s 8.0.1.3, 8.5.0 a trav\u00e9s de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL modificada, una vulnerabilidad diferente a CVE-2014-8914.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"161542A0-E919-4105-AD4F-C881ACF8D26B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF8D1DC9-CB5E-4627-8689-B5FA7C5DE1C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32504DEB-7391-4452-BA2E-409959B24222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F74820-DF10-499E-AF7A-93AC285843D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C12274F-495C-4E81-A317-E66916B0A2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"989C89DF-C6CB-45C9-9592-30A83896BD71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783C2592-9669-4C75-9E63-C834482F6F8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7021B830-3EE4-446D-8D87-BBD2097A023E\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/62205\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21693239\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031614\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/99284\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://secunia.com/advisories/62205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21693239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/99284\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2014-8913

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-8913

Aliases

CVE-2014-8913

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8913",
    "description": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.",
    "id": "GSD-2014-8913"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8913"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.",
      "id": "GSD-2014-8913",
      "modified": "2023-12-13T01:22:49.010389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2014-8913",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "62205",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62205"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
          },
          {
            "name": "1031614",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031614"
          },
          {
            "name": "ibm-bpm-cve20148913-xss(99284)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
          },
          {
            "name": "JR51742",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-8913"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
            },
            {
              "name": "JR51742",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
            },
            {
              "name": "1031614",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031614"
            },
            {
              "name": "62205",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62205"
            },
            {
              "name": "ibm-bpm-cve20148913-xss(99284)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-21T15:17Z"
    }
  }
}

ghsa-ff6w-526v-c5p2

Vulnerability from github

Published

2022-05-17 01:12

Modified

2022-05-17 01:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8913"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-21T15:17:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.",
  "id": "GHSA-ff6w-526v-c5p2",
  "modified": "2022-05-17T01:12:41Z",
  "published": "2022-05-17T01:12:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8913"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62205"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031614"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2015-00568

Vulnerability from cnvd

Title: IBM Business Process Manager跨站脚本漏洞（CNVD-2015-00568）

Description:

IBM Business Process Manager是一个综合的业务流程管理平台。

IBM Business Process Manager 8.0 至 8.0.1.3, 8.5.0 至 8.5.0.1,8.5.5存在跨站脚本漏洞，允许已通过身份验证的远程用户通过精心编制的URL注入任意web脚本或HTML。

Severity: 低

Patch Name: IBM Business Process Manager跨站脚本漏洞（CNVD-2015-00568）的补丁

Patch Description:

IBM Business Process Manager是一个综合的业务流程管理平台。

IBM Business Process Manager 8.0 至 8.0.1.3, 8.5.0 至 8.5.0.1,8.5.5存在跨站脚本漏洞，允许已通过身份验证的远程用户通过精心编制的URL注入任意web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www-01.ibm.com/support/docview.wss?uid=swg21693542

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21693542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8913

Impacted products

Name
['IBM Business Process Manager 8.0.x至8.0.1.3', 'IBM Business Process Manager 8.5.0-8.5.0.1', 'IBM Business Process Manager 8.5.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8913"
    }
  },
  "description": "IBM Business Process Manager\u662f\u4e00\u4e2a\u7efc\u5408\u7684\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u5e73\u53f0\u3002\r\n\r\nIBM Business Process Manager 8.0 \u81f3 8.0.1.3, 8.5.0 \u81f3 8.5.0.1,8.5.5\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u5df2\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684URL\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21693542",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00568",
  "openTime": "2015-01-26",
  "patchDescription": "IBM Business Process Manager\u662f\u4e00\u4e2a\u7efc\u5408\u7684\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u5e73\u53f0\u3002\r\n\r\nIBM Business Process Manager 8.0 \u81f3 8.0.1.3, 8.5.0 \u81f3 8.5.0.1,8.5.5\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u5df2\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684URL\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Business Process Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2015-00568\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Business Process Manager 8.0.x\u81f38.0.1.3",
      "IBM Business Process Manager 8.5.0-8.5.0.1",
      "IBM Business Process Manager  8.5.5"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21693542\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8913",
  "serverity": "\u4f4e",
  "submitTime": "2015-01-22",
  "title": "IBM Business Process Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2015-00568\uff09"
}

fkie_cve-2014-8913

Vulnerability from fkie_nvd

Published

2015-01-21 15:17

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/62205
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742	Patch, Vendor Advisory
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21693239	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1031614
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/99284
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62205
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21693239	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031614
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99284

Impacted products

Vendor	Product	Version
ibm	business_process_manager	8.0.0.0
ibm	business_process_manager	8.0.1.0
ibm	business_process_manager	8.0.1.1
ibm	business_process_manager	8.0.1.2
ibm	business_process_manager	8.0.1.3
ibm	business_process_manager	8.5.0.0
ibm	business_process_manager	8.5.0.1
ibm	business_process_manager	8.5.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "161542A0-E919-4105-AD4F-C881ACF8D26B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8D1DC9-CB5E-4627-8689-B5FA7C5DE1C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32504DEB-7391-4452-BA2E-409959B24222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F74820-DF10-499E-AF7A-93AC285843D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C12274F-495C-4E81-A317-E66916B0A2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "783C2592-9669-4C75-9E63-C834482F6F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7021B830-3EE4-446D-8D87-BBD2097A023E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a trav\u00e9s 8.0.1.3, 8.5.0 a trav\u00e9s de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL modificada, una vulnerabilidad diferente a CVE-2014-8914."
    }
  ],
  "id": "CVE-2014-8913",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-21T15:17:03.557",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/62205"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1031614"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99284"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-8913 (GCVE-0-2014-8913)

Vulnerability from cvelistv5

gsd-2014-8913

Vulnerability from gsd

ghsa-ff6w-526v-c5p2

Vulnerability from github

cnvd-2015-00568

Vulnerability from cnvd

fkie_cve-2014-8913

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature