ID

VAR-201307-0129


CVE

CVE-2013-0468


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003195

DESCRIPTION

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. IBM Sterling File Gateway is file transfer software that integrates different file transfer methods and supports secure interaction over the network.

Trust: 1.98

sources: NVD: CVE-2013-0468 // JVNDB: JVNDB-2013-003195 // BID: 60983 // VULHUB: VHN-60470

AFFECTED PRODUCTS

vendor: ibm // model: sterling file gateway // scope: eq // version: 2.2

Trust: 2.7

vendor: ibm // model: sterling file gateway // scope: eq // version: 2.1

Trust: 2.7

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2

Trust: 2.7

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.1

Trust: 2.7

sources: BID: 60983 // JVNDB: JVNDB-2013-003195 // CNNVD: CNNVD-201307-050 // NVD: CVE-2013-0468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0468
value: LOW

Trust: 1.0

NVD: CVE-2013-0468
value: LOW

Trust: 0.8

CNNVD: CNNVD-201307-050
value: LOW

Trust: 0.6

VULHUB: VHN-60470
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-0468
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-60470
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-60470 // JVNDB: JVNDB-2013-003195 // CNNVD: CNNVD-201307-050 // NVD: CVE-2013-0468

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-60470 // JVNDB: JVNDB-2013-003195 // NVD: CVE-2013-0468

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-050

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003195

PATCH

title: 1640830 // url: http://www-01.ibm.com/support/docview.wss?uid=swg21640830

Trust: 0.8

title: si_52_build_5020401_hotfix_3 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46369

Trust: 0.6

sources: JVNDB: JVNDB-2013-003195 // CNNVD: CNNVD-201307-050

EXTERNAL IDS

db: NVD // id: CVE-2013-0468

Trust: 2.8

db: JVNDB // id: JVNDB-2013-003195

Trust: 0.8

db: CNNVD // id: CNNVD-201307-050

Trust: 0.7

db: XF // id: 2

Trust: 0.6

db: XF // id: 81334

Trust: 0.6

db: BID // id: 60983

Trust: 0.4

db: VULHUB // id: VHN-60470

Trust: 0.1

sources: VULHUB: VHN-60470 // BID: 60983 // JVNDB: JVNDB-2013-003195 // CNNVD: CNNVD-201307-050 // NVD: CVE-2013-0468

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/81334

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0468

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0468

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/81334

Trust: 0.6

url:http://www.ibm.com/

Trust: 0.3

url:http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/

Trust: 0.3

url:http://www-03.ibm.com/software/products/us/en/file-gateway/

Trust: 0.3

sources: VULHUB: VHN-60470 // BID: 60983 // JVNDB: JVNDB-2013-003195 // CNNVD: CNNVD-201307-050 // NVD: CVE-2013-0468

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 60983

SOURCES

db: VULHUB // id: VHN-60470
db: BID // id: 60983
db: JVNDB // id: JVNDB-2013-003195
db: CNNVD // id: CNNVD-201307-050
db: NVD // id: CVE-2013-0468

LAST UPDATE DATE

2024-08-14T13:16:22.575000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-60470 // date: 2017-08-29T00:00:00
db: BID // id: 60983 // date: 2013-07-01T00:00:00
db: JVNDB // id: JVNDB-2013-003195 // date: 2013-07-04T00:00:00
db: CNNVD // id: CNNVD-201307-050 // date: 2013-07-04T00:00:00
db: NVD // id: CVE-2013-0468 // date: 2017-08-29T01:33:02.557

SOURCES RELEASE DATE

db: VULHUB // id: VHN-60470 // date: 2013-07-03T00:00:00
db: BID // id: 60983 // date: 2013-07-01T00:00:00
db: JVNDB // id: JVNDB-2013-003195 // date: 2013-07-04T00:00:00
db: CNNVD // id: CNNVD-201307-050 // date: 2013-07-04T00:00:00
db: NVD // id: CVE-2013-0468 // date: 2013-07-03T13:54:30.967