Vulnerability Details CVE-2014-0883
IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91163
- https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91163
- https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883
Products affected by CVE-2014-0883
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.2.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.5
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.4.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.5.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.6.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0
-
cpe:2.3:a:ibm:power_hardware_management_console:7r7.8.0