CVE-2014-8914

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913.

Published: Jan 21, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-8914
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / business_process_manager	8.5.0.0	8.5.0.0.x
ibm / business_process_manager	8.0.1.0	8.0.1.0.x
ibm / business_process_manager	8.0.1.1	8.0.1.1.x
ibm / business_process_manager	8.5.5.0	8.5.5.0.x
ibm / business_process_manager	8.0.1.3	8.0.1.3.x
ibm / business_process_manager	8.5.0.1	8.5.0.1.x
ibm / business_process_manager	8.0.0.0	8.0.0.0.x
ibm / business_process_manager	8.0.1.2	8.0.1.2.x

http://secunia.com/advisories/62205
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836
http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103
http://www-01.ibm.com/support/docview.wss?uid=swg21693239
http://www.securitytracker.com/id/1031614
https://exchange.xforce.ibmcloud.com/vulnerabilities/99285

Vulnerability Database

290,278

CVE-2014-8914