Sign-up

ID

VAR-201307-0294


CVE

CVE-2013-0560


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003202

DESCRIPTION

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network

Trust: 1.98

sources: NVD: CVE-2013-0560 // JVNDB: JVNDB-2013-003202 // BID: 60998 // VULHUB: VHN-60562

AFFECTED PRODUCTS

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.2

Trust: 2.7

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.1

Trust: 2.7

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2

Trust: 2.7

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.1

Trust: 2.7

sources: BID: 60998 // JVNDB: JVNDB-2013-003202 // CNNVD: CNNVD-201307-056 // NVD: CVE-2013-0560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0560
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0560
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-056
value: MEDIUM

Trust: 0.6

VULHUB: VHN-60562
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0560
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-60562
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-60562 // JVNDB: JVNDB-2013-003202 // CNNVD: CNNVD-201307-056 // NVD: CVE-2013-0560

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-60562 // JVNDB: JVNDB-2013-003202 // NVD: CVE-2013-0560

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-056

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201307-056

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003202

PATCH
title:1640830url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830
Trust: 0.8
title:si_52_build_5020401_hotfix_3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46369
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2013-003202 // 
            
            
            
            CNNVD: CNNVD-201307-056

EXTERNAL IDS
db:NVDid:CVE-2013-0560
Trust: 2.8
db:JVNDBid:JVNDB-2013-003202
Trust: 0.8
db:CNNVDid:CNNVD-201307-056
Trust: 0.7
db:XFid:2
Trust: 0.6
db:XFid:83012
Trust: 0.6
db:BIDid:60998
Trust: 0.4
db:VULHUBid:VHN-60562
Trust: 0.1
sources:
            
            
            VULHUB: VHN-60562 // 
            
            
            
            BID: 60998 // 
            
            
            
            JVNDB: JVNDB-2013-003202 // 
            
            
            
            CNNVD: CNNVD-201307-056 // 
            
            
            
            NVD: CVE-2013-0560

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21640830
Trust: 2.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/83012
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0560
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0560
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/83012
Trust: 0.6
url:http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/
Trust: 0.3
url:http://www-03.ibm.com/software/products/us/en/file-gateway/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-60562 // 
            
            
            
            BID: 60998 // 
            
            
            
            JVNDB: JVNDB-2013-003202 // 
            
            
            
            CNNVD: CNNVD-201307-056 // 
            
            
            
            NVD: CVE-2013-0560

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 60998

SOURCES
db:VULHUBid:VHN-60562
db:BIDid:60998
db:JVNDBid:JVNDB-2013-003202
db:CNNVDid:CNNVD-201307-056
db:NVDid:CVE-2013-0560

LAST UPDATE DATE
2024-08-14T12:59:31.849000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-60562date:2017-08-29T00:00:00
db:BIDid:60998date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-003202date:2013-07-04T00:00:00
db:CNNVDid:CNNVD-201307-056date:2013-07-04T00:00:00
db:NVDid:CVE-2013-0560date:2017-08-29T01:33:06.463

SOURCES RELEASE DATE
db:VULHUBid:VHN-60562date:2013-07-03T00:00:00
db:BIDid:60998date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-003202date:2013-07-04T00:00:00
db:CNNVDid:CNNVD-201307-056date:2013-07-04T00:00:00
db:NVDid:CVE-2013-0560date:2013-07-03T13:54:31.047