Sign-up

ID

VAR-201307-0125


CVE

CVE-2013-0476


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway In any FTP Command insertion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003197

DESCRIPTION

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. Exploiting this issue could allow an attacker to execute arbitrary FTP commands in the context of the affected application. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network

Trust: 1.98

sources: NVD: CVE-2013-0476 // JVNDB: JVNDB-2013-003197 // BID: 60995 // VULHUB: VHN-60478

AFFECTED PRODUCTS

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.1

Trust: 2.4

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2

Trust: 2.4

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.1

Trust: 2.4

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-003197 // CNNVD: CNNVD-201307-052 // NVD: CVE-2013-0476

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0476
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0476
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-052
value: MEDIUM

Trust: 0.6

VULHUB: VHN-60478
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0476
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-60478
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-60478 // JVNDB: JVNDB-2013-003197 // CNNVD: CNNVD-201307-052 // NVD: CVE-2013-0476

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-0476

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-052

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201307-052

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003197

PATCH
title:1640830url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830
Trust: 0.8
title:si_52_build_5020401_hotfix_3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46369
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2013-003197 // 
            
            
            
            CNNVD: CNNVD-201307-052

EXTERNAL IDS
db:NVDid:CVE-2013-0476
Trust: 2.8
db:JVNDBid:JVNDB-2013-003197
Trust: 0.8
db:CNNVDid:CNNVD-201307-052
Trust: 0.7
db:XFid:2
Trust: 0.6
db:XFid:81405
Trust: 0.6
db:BIDid:60995
Trust: 0.4
db:VULHUBid:VHN-60478
Trust: 0.1
sources:
            
            
            VULHUB: VHN-60478 // 
            
            
            
            BID: 60995 // 
            
            
            
            JVNDB: JVNDB-2013-003197 // 
            
            
            
            CNNVD: CNNVD-201307-052 // 
            
            
            
            NVD: CVE-2013-0476

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/81405
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0476
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0476
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/81405
Trust: 0.6
url:http://www.ibm.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-60478 // 
            
            
            
            BID: 60995 // 
            
            
            
            JVNDB: JVNDB-2013-003197 // 
            
            
            
            CNNVD: CNNVD-201307-052 // 
            
            
            
            NVD: CVE-2013-0476

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 60995

SOURCES
db:VULHUBid:VHN-60478
db:BIDid:60995
db:JVNDBid:JVNDB-2013-003197
db:CNNVDid:CNNVD-201307-052
db:NVDid:CVE-2013-0476

LAST UPDATE DATE
2024-08-14T12:50:23.328000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-60478date:2017-08-29T00:00:00
db:BIDid:60995date:2013-07-05T00:00:00
db:JVNDBid:JVNDB-2013-003197date:2013-07-04T00:00:00
db:CNNVDid:CNNVD-201307-052date:2013-07-04T00:00:00
db:NVDid:CVE-2013-0476date:2017-08-29T01:33:02.997

SOURCES RELEASE DATE
db:VULHUBid:VHN-60478date:2013-07-03T00:00:00
db:BIDid:60995date:2013-07-05T00:00:00
db:JVNDBid:JVNDB-2013-003197date:2013-07-04T00:00:00
db:CNNVDid:CNNVD-201307-052date:2013-07-04T00:00:00
db:NVDid:CVE-2013-0476date:2013-07-03T13:54:30.983