ID

VAR-201307-0122


CVE

CVE-2013-0455


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003182

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. This is a different vulnerability from CVE-2013-2983. A third party may be able to insert arbitrary web script or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. IBM Sterling File Gateway is file transfer software that integrates different file transfer methods and enables secure interaction over the network.

Trust: 1.98

sources: NVD: CVE-2013-0455 // JVNDB: JVNDB-2013-003182 // BID: 60878 // VULHUB: VHN-60457

AFFECTED PRODUCTS

vendor: ibm, model: sterling b2b integrator, scope: eq, version: 5.2.4

Trust: 2.7

vendor: ibm, model: sterling file gateway, scope: eq, version: -

Trust: 1.6

vendor: ibm, model: sterling file gateway, scope: -, version: -

Trust: 0.8

sources: BID: 60878 // JVNDB: JVNDB-2013-003182 // CNNVD: CNNVD-201307-026 // NVD: CVE-2013-0455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0455
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0455
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-026
value: MEDIUM

Trust: 0.6

VULHUB: VHN-60457
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0455
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-60457
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-60457 // JVNDB: JVNDB-2013-003182 // CNNVD: CNNVD-201307-026 // NVD: CVE-2013-0455

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-60457 // JVNDB: JVNDB-2013-003182 // NVD: CVE-2013-0455

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-026

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-026

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003182

PATCH

title: IC92888, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC92888

Trust: 0.8

title: si_52_build_5020401_hotfix_3, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46363

Trust: 0.6

sources: JVNDB: JVNDB-2013-003182 // CNNVD: CNNVD-201307-026

EXTERNAL IDS

db: NVD, id: CVE-2013-0455

Trust: 2.8

db: BID, id: 60878

Trust: 1.0

db: JVNDB, id: JVNDB-2013-003182

Trust: 0.8

db: CNNVD, id: CNNVD-201307-026

Trust: 0.7

db: AIXAPAR, id: IC92888

Trust: 0.6

db: VULHUB, id: VHN-60457

Trust: 0.1

sources: VULHUB: VHN-60457 // BID: 60878 // JVNDB: JVNDB-2013-003182 // CNNVD: CNNVD-201307-026 // NVD: CVE-2013-0455

REFERENCES

url: http://www-01.ibm.com/support/docview.wss?uid=swg1ic92888

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0455

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0455

Trust: 0.8

url: http://www.securityfocus.com/bid/60878

Trust: 0.6

url: http://www.ibm.com/

Trust: 0.3

url: http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/

Trust: 0.3

sources: VULHUB: VHN-60457 // BID: 60878 // JVNDB: JVNDB-2013-003182 // CNNVD: CNNVD-201307-026 // NVD: CVE-2013-0455

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 60878

SOURCES

db: VULHUB, id: VHN-60457
db: BID, id: 60878
db: JVNDB, id: JVNDB-2013-003182
db: CNNVD, id: CNNVD-201307-026
db: NVD, id: CVE-2013-0455

LAST UPDATE DATE

2024-08-14T15:30:19.353000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-60457, date: 2013-10-10T00:00:00
db: BID, id: 60878, date: 2013-06-29T00:00:00
db: JVNDB, id: JVNDB-2013-003182, date: 2013-07-03T00:00:00
db: CNNVD, id: CNNVD-201307-026, date: 2013-07-04T00:00:00
db: NVD, id: CVE-2013-0455, date: 2013-10-10T18:33:41.443

SOURCES RELEASE DATE

db: VULHUB, id: VHN-60457, date: 2013-07-02T00:00:00
db: BID, id: 60878, date: 2013-06-29T00:00:00
db: JVNDB, id: JVNDB-2013-003182, date: 2013-07-03T00:00:00
db: CNNVD, id: CNNVD-201307-026, date: 2013-06-29T00:00:00
db: NVD, id: CVE-2013-0455, date: 2013-07-02T14:12:45.423