CVE-2014-4770:This is a Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) that allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

splash
Back

Description Preview

The CVE-2014-4770 is a security vulnerability in IBM WebSphere Application Server (WAS) versions 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4. This vulnerability allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL, leading to Cross-site scripting (XSS). XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access or information disclosure.

Overview

IBM WebSphere Application Server (WAS) is a software framework and middleware that hosts Java-based web applications. The identified vulnerability (CVE-2014-4770) is a Cross-site scripting (XSS) vulnerability that allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. This vulnerability was made public on 17th September 2014.

Remediation

IBM has released patches to address this vulnerability. Users are advised to update their IBM WebSphere Application Server (WAS) to the latest version. If updating is not possible, users should restrict network access to the server and allow only trusted administrators to access the administrative console.

References

  1. http://secunia.com/advisories/61423
  2. http://www.kb.cert.org/vuls/id/573356
  3. http://www-01.ibm.com/support/docview.wss?uid=swg21682767
  4. http://secunia.com/advisories/61418
  5. https://exchange.xforce.ibmcloud.com/vulnerabilities/95209
  6. http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055
  7. http://www.securityfocus.com/bid/69981

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Health Care & Social Assistance
    Health Care & Social Assistance
  3. Retail Trade
    Retail Trade
  4. Management of Companies & Enterprises
    Management of Companies & Enterprises
  5. Transportation & Warehousing
    Transportation & Warehousing
  6. Finance and Insurance
    Finance and Insurance
  7. Utilities
    Utilities
  8. Accommodation & Food Services
    Accommodation & Food Services
  9. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  10. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  11. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  12. Construction
    Construction
  13. Educational Services
    Educational Services
  14. Information
    Information
  15. Mining
    Mining
  16. Other Services (except Public Administration)
    Other Services (except Public Administration)
  17. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  18. Public Administration
    Public Administration
  19. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database