Security Bulletin
Summary
SmartCloud Provisioning - Webmin Open Source vulnerability as per X-Force Report, March 2014 (CVE-2014-0339).
Vulnerability Details
SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance is shipped with Webmin. A security vulnerability has been discovered in Webmin that affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance with Webmin. Webmin has released patch updates that contain a vulnerability fix and SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance with Webmin has been updated to include those fixes.
Refer to the following sections for vulnerabilities details and information about fixes.
CVE-ID: CVE-2014-0339
DESCRIPTION: Webmin is vulnerable to cross-site scripting, which is caused by improper validation of user-supplied input by the view.cgi script. A remote attacker might exploit this vulnerability using the id parameter in a specially crafted URL. That URL can then execute a script in a victim's Web browser within the security context of the hosting Web site after the URL is clicked. An attacker might use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91825 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected Products and Versions
SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance
Remediation/Fixes
The recommended solution is to download the SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance latest interim fix from Fix Central and apply it as soon as practical.
Workarounds and Mitigations
None.
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
CVE-ID: CVE-2014-0339
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21677247