Unrated severityNVD Advisory· Published Jul 18, 2014· Updated Jun 17, 2026
CVE-2014-0957
CVE-2014-0957
Description
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
- (no CPE)range: >=7.5, <=8.5.5
- cpe:2.3:a:ibm:websphere_application_server:7.2:*:lombardi:*:*:*:*:*
- Range: = 7.2
Patches
Vulnerability mechanics
References
4- www-01.ibm.com/support/docview.wssnvdVendor Advisory
- www-01.ibm.com/support/docview.wssnvdVendor Advisory
- secunia.com/advisories/59557nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/92738nvd
News mentions
0No linked articles in our index yet.