Summary
IBM Tivoli Endpoint Manager Mobile Device Management is prone to a cross- site scripting vulnerability because it fails to sanitize user-supplied input.
Impact
An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials and execute arbitrary code.
Solution
Upgrade to version 9.0.60100
Insight
BM Tivoli Endpoint Manager Mobile Device Management (MDM) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site, after the URL is clicked.
Affected
Versions prior to IBM Tivoli Endpoint Manager Mobile Device Management 9.0.60100 are vulnerable.
Detection
Check the version
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2014-6140 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Adobe ColdFusion Directory Traversal Vulnerability