ID

VAR-201708-0272


CVE

CVE-2014-6189


TITLE

IBM Security Network Protection Cross-site scripting vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-008343

DESCRIPTION

Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The system can monitor application usage, website access and operation execution within the network to avoid threats such as malware and botnets.

Trust: 1.98

sources: NVD: CVE-2014-6189 // JVNDB: JVNDB-2014-008343 // BID: 73940 // VULHUB: VHN-74132

AFFECTED PRODUCTS

vendor:ibm model:security network protection 7100 scope:eq version:5.3

Trust: 1.6

vendor:ibm model:security network protection 5100 scope:eq version:5.2

Trust: 1.6

vendor:ibm model:security network protection 7100 scope:eq version:5.2

Trust: 1.6

vendor:ibm model:security network protection 4100 scope:eq version:5.3

Trust: 1.6

vendor:ibm model:security network protection 3100 scope:eq version:5.2

Trust: 1.6

vendor:ibm model:security network protection 4100 scope:eq version:5.2

Trust: 1.6

vendor:ibm model:security network protection 5100 scope:eq version:5.3

Trust: 1.6

vendor:ibm model:security network protection 3100 scope:eq version:5.3

Trust: 1.6

vendor:ibm model:security network protection 3100 scope: - version: -

Trust: 0.8

vendor:ibm model:security network protection 4100 scope: - version: -

Trust: 0.8

vendor:ibm model:security network protection 5100 scope: - version: -

Trust: 0.8

vendor:ibm model:security network protection 7100 scope: - version: -

Trust: 0.8

vendor:ibm model:security network protection scope:eq version:71005.3

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:71005.2

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:51005.3

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:51005.2

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:41005.3

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:41005.2

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:31005.3

Trust: 0.3

vendor:ibm model:security network protection scope:eq version:31005.2

Trust: 0.3

sources: BID: 73940 // JVNDB: JVNDB-2014-008343 // CNNVD: CNNVD-201506-538 // NVD: CVE-2014-6189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6189
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-6189
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-538
value: MEDIUM

Trust: 0.6

VULHUB: VHN-74132
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-6189
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-74132
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-6189
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-74132 // JVNDB: JVNDB-2014-008343 // CNNVD: CNNVD-201506-538 // NVD: CVE-2014-6189

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-74132 // JVNDB: JVNDB-2014-008343 // NVD: CVE-2014-6189

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-538

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-538

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008343

PATCH

title:1697248 url:http://www-01.ibm.com/support/docview.wss?uid=swg21697248

Trust: 0.8

sources: JVNDB: JVNDB-2014-008343

EXTERNAL IDS

db:NVD id:CVE-2014-6189

Trust: 2.8

db:BID id:73940

Trust: 2.0

db:JVNDB id:JVNDB-2014-008343

Trust: 0.8

db:CNNVD id:CNNVD-201506-538

Trust: 0.7

db:VULHUB id:VHN-74132

Trust: 0.1

sources: VULHUB: VHN-74132 // BID: 73940 // JVNDB: JVNDB-2014-008343 // CNNVD: CNNVD-201506-538 // NVD: CVE-2014-6189

REFERENCES

url:http://www.securityfocus.com/bid/73940

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21697248

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6189

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-6189

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21697126

Trust: 0.3

sources: VULHUB: VHN-74132 // BID: 73940 // JVNDB: JVNDB-2014-008343 // CNNVD: CNNVD-201506-538 // NVD: CVE-2014-6189

CREDITS

Paul Ionescu, Brennan Brazeau, John Zuccato, Jonathan Fitz-Gerald and Warren Moynihan

Trust: 0.9

sources: BID: 73940 // CNNVD: CNNVD-201506-538

SOURCES

db:VULHUB id:VHN-74132
db:BID id:73940
db:JVNDB id:JVNDB-2014-008343
db:CNNVD id:CNNVD-201506-538
db:NVD id:CVE-2014-6189

LAST UPDATE DATE

2025-04-20T23:27:18.056000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-74132 date:2017-08-25T00:00:00
db:BID id:73940 date:2015-04-01T00:00:00
db:JVNDB id:JVNDB-2014-008343 date:2017-09-14T00:00:00
db:CNNVD id:CNNVD-201506-538 date:2017-08-23T00:00:00
db:NVD id:CVE-2014-6189 date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:VULHUB id:VHN-74132 date:2017-08-22T00:00:00
db:BID id:73940 date:2015-04-01T00:00:00
db:JVNDB id:JVNDB-2014-008343 date:2017-09-14T00:00:00
db:CNNVD id:CNNVD-201506-538 date:2015-04-01T00:00:00
db:NVD id:CVE-2014-6189 date:2017-08-22T15:29:00.180