ID

VAR-201307-0073


CVE

CVE-2013-2983


TITLE

IBM Sterling File Gateway and Sterling B2B Integrator vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003183

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2013-0468. This vulnerability is a different vulnerability from CVE-2013-0455. Arbitrary web script or HTML may be inserted by a third party. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. These vulnerabilities stem from the program's failure to validate user-submitted input.

Trust: 1.98

sources: NVD: CVE-2013-2983 // JVNDB: JVNDB-2013-003183 // BID: 60880 // VULHUB: VHN-62985

AFFECTED PRODUCTS

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.7

vendor: ibm, model: sterling b2b integrator, scope: eq, version: -

Trust: 1.6

vendor: ibm, model: sterling b2b integrator, scope: -, version: -

Trust: 0.8

sources: BID: 60880 // JVNDB: JVNDB-2013-003183 // CNNVD: CNNVD-201307-027 // NVD: CVE-2013-2983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2983
value: LOW

Trust: 1.0

NVD: CVE-2013-2983
value: LOW

Trust: 0.8

CNNVD: CNNVD-201307-027
value: LOW

Trust: 0.6

VULHUB: VHN-62985
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-2983
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62985
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62985 // JVNDB: JVNDB-2013-003183 // CNNVD: CNNVD-201307-027 // NVD: CVE-2013-2983

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-62985 // JVNDB: JVNDB-2013-003183 // NVD: CVE-2013-2983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-027

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-027

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003183

PATCH

title: IC91045, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC91045

Trust: 0.8

sources: JVNDB: JVNDB-2013-003183

EXTERNAL IDS

db: NVD, id: CVE-2013-2983

Trust: 2.8

db: BID, id: 60880

Trust: 1.0

db: JVNDB, id: JVNDB-2013-003183

Trust: 0.8

db: CNNVD, id: CNNVD-201307-027

Trust: 0.7

db: AIXAPAR, id: IC91045

Trust: 0.6

db: VULHUB, id: VHN-62985

Trust: 0.1

sources: VULHUB: VHN-62985 // BID: 60880 // JVNDB: JVNDB-2013-003183 // CNNVD: CNNVD-201307-027 // NVD: CVE-2013-2983

REFERENCES

url: http://www-01.ibm.com/support/docview.wss?uid=swg1ic91045

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2983

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2983

Trust: 0.8

url: http://www.securityfocus.com/bid/60880

Trust: 0.6

url: http://www.ibm.com/

Trust: 0.3

url: http://www-03.ibm.com/software/products/us/en/file-gateway/

Trust: 0.3

sources: VULHUB: VHN-62985 // BID: 60880 // JVNDB: JVNDB-2013-003183 // CNNVD: CNNVD-201307-027 // NVD: CVE-2013-2983

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 60880

SOURCES

db: VULHUB, id: VHN-62985
db: BID, id: 60880
db: JVNDB, id: JVNDB-2013-003183
db: CNNVD, id: CNNVD-201307-027
db: NVD, id: CVE-2013-2983

LAST UPDATE DATE

2024-08-14T15:40:05.756000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-62985, date: 2013-10-07T00:00:00
db: BID, id: 60880, date: 2013-06-29T00:00:00
db: JVNDB, id: JVNDB-2013-003183, date: 2013-10-16T00:00:00
db: CNNVD, id: CNNVD-201307-027, date: 2013-07-04T00:00:00
db: NVD, id: CVE-2013-2983, date: 2013-10-07T17:49:39.053

SOURCES RELEASE DATE

db: VULHUB, id: VHN-62985, date: 2013-07-02T00:00:00
db: BID, id: 60880, date: 2013-06-29T00:00:00
db: JVNDB, id: JVNDB-2013-003183, date: 2013-07-03T00:00:00
db: CNNVD, id: CNNVD-201307-027, date: 2013-06-29T00:00:00
db: NVD, id: CVE-2013-2983, date: 2013-07-02T14:12:50.777