Sign-up

ID

VAR-201307-0072


CVE

CVE-2013-2982


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway Vulnerable to uploading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2013-003205

DESCRIPTION

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors. Multiple IBM product are prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application

Trust: 1.98

sources: NVD: CVE-2013-2982 // JVNDB: JVNDB-2013-003205 // BID: 60987 // VULHUB: VHN-62984

AFFECTED PRODUCTS

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.2

Trust: 2.7

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.1

Trust: 2.7

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2

Trust: 2.7

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.1

Trust: 2.7

sources: BID: 60987 // JVNDB: JVNDB-2013-003205 // CNNVD: CNNVD-201307-059 // NVD: CVE-2013-2982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2982
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2982
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-059
value: MEDIUM

Trust: 0.6

VULHUB: VHN-62984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2982
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62984
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62984 // JVNDB: JVNDB-2013-003205 // CNNVD: CNNVD-201307-059 // NVD: CVE-2013-2982

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-2982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-059

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201307-059

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003205

PATCH
title:1640830url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003205

EXTERNAL IDS
db:NVDid:CVE-2013-2982
Trust: 2.8
db:JVNDBid:JVNDB-2013-003205
Trust: 0.8
db:CNNVDid:CNNVD-201307-059
Trust: 0.7
db:XFid:2
Trust: 0.6
db:XFid:83997
Trust: 0.6
db:BIDid:60987
Trust: 0.4
db:VULHUBid:VHN-62984
Trust: 0.1
sources:
            
            
            VULHUB: VHN-62984 // 
            
            
            
            BID: 60987 // 
            
            
            
            JVNDB: JVNDB-2013-003205 // 
            
            
            
            CNNVD: CNNVD-201307-059 // 
            
            
            
            NVD: CVE-2013-2982

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830
Trust: 2.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/83997
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2982
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2982
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/83997
Trust: 0.6
url:http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/
Trust: 0.3
url:http://www-03.ibm.com/software/products/us/en/file-gateway/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-62984 // 
            
            
            
            BID: 60987 // 
            
            
            
            JVNDB: JVNDB-2013-003205 // 
            
            
            
            CNNVD: CNNVD-201307-059 // 
            
            
            
            NVD: CVE-2013-2982

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 60987

SOURCES
db:VULHUBid:VHN-62984
db:BIDid:60987
db:JVNDBid:JVNDB-2013-003205
db:CNNVDid:CNNVD-201307-059
db:NVDid:CVE-2013-2982

LAST UPDATE DATE
2024-08-14T12:34:27.383000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-62984date:2017-08-29T00:00:00
db:BIDid:60987date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-003205date:2013-07-04T00:00:00
db:CNNVDid:CNNVD-201307-059date:2013-07-04T00:00:00
db:NVDid:CVE-2013-2982date:2017-08-29T01:33:18.713

SOURCES RELEASE DATE
db:VULHUBid:VHN-62984date:2013-07-03T00:00:00
db:BIDid:60987date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-003205date:2013-07-04T00:00:00
db:CNNVDid:CNNVD-201307-059date:2013-07-04T00:00:00
db:NVDid:CVE-2013-2982date:2013-07-03T13:54:31.070