CVE-2014-0855

Name of the Vulnerable Software and Affected Versions IBM Connections Portlets versions prior to 4.5.1 FP1 IBM WebSphere Portal versions 7.0.0.2 and 8.0.0.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities.

Recommendations For IBM Connections Portlets versions prior to 4.5.1 FP1, update to version 4.5.1 FP1 or later. For IBM WebSphere Portal versions 7.0.0.2 and 8.0.0.1, consider restricting access to sensitive areas of the portal until an update or patch is available.