Details of VAR-201311-0157

ID

VAR-201311-0157

CVE

CVE-2013-5442

TITLE

XGS 5100 Run on IBM Security Network Protection Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005102

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM Security Network Protection is a device of the IBM Security Intrusion Prevention product portfolio. An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The system can monitor application usage, website access and operation execution within the network to avoid threats such as malware and botnets

Trust: 2.52

sources: NVD: CVE-2013-5442 // JVNDB: JVNDB-2013-005102 // CNVD: CNVD-2013-14452 // BID: 63642 // VULHUB: VHN-65444

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14452

AFFECTED PRODUCTS

vendor:	ibm	model:	security network protection	scope:	eq	version:	5.1	Trust: 1.6
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	ibm	model:	security network protection xgs 5100	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	security network protection	scope:	lt	version:	5.1.1	Trust: 0.8
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.1.1.1	Trust: 0.8
vendor:	ibm	model:	security network protection	scope:	lt	version:	5.1	Trust: 0.8
vendor:	ibm	model:	security network protection xgs 5100	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.1.0.6	Trust: 0.8
vendor:	ibm	model:	security network protection xgs	scope:	eq	version:	5.1	Trust: 0.6
vendor:	ibm	model:	security network protection xgs	scope:	eq	version:	5.1.1	Trust: 0.6

sources: CNVD: CNVD-2013-14452 // JVNDB: JVNDB-2013-005102 // CNNVD: CNNVD-201311-132 // NVD: CVE-2013-5442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5442
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5442
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-14452
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201311-132
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65444
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5442
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14452
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65444
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14452 // VULHUB: VHN-65444 // JVNDB: JVNDB-2013-005102 // CNNVD: CNNVD-201311-132 // NVD: CVE-2013-5442

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-65444 // JVNDB: JVNDB-2013-005102 // NVD: CVE-2013-5442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-132

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201311-132

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005102

PATCH

title:	1655377	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21655377	Trust: 0.8
title:	\302\240\302\240\302\240\302\240\302\240Patch for IBM Security Network Protection XGS 5100 Local Management Interface Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/41079	Trust: 0.6

sources: CNVD: CNVD-2013-14452 // JVNDB: JVNDB-2013-005102

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5442	Trust: 3.4
db:	BID	id:	63642	Trust: 2.6
db:	JVNDB	id:	JVNDB-2013-005102	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-132	Trust: 0.7
db:	SECUNIA	id:	55609	Trust: 0.6
db:	CNVD	id:	CNVD-2013-14452	Trust: 0.6
db:	XF	id:	87818	Trust: 0.6
db:	XF	id:	20135442	Trust: 0.6
db:	VULHUB	id:	VHN-65444	Trust: 0.1

sources: CNVD: CNVD-2013-14452 // VULHUB: VHN-65444 // BID: 63642 // JVNDB: JVNDB-2013-005102 // CNNVD: CNNVD-201311-132 // NVD: CVE-2013-5442

REFERENCES

url:	http://www.securityfocus.com/bid/63642	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21655377	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87818	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5442	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5442	Trust: 0.8
url:	http://secunia.com/advisories/55609/	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=swg21655377	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/87818	Trust: 0.6

sources: CNVD: CNVD-2013-14452 // VULHUB: VHN-65444 // JVNDB: JVNDB-2013-005102 // CNNVD: CNNVD-201311-132 // NVD: CVE-2013-5442

CREDITS

IBM

Trust: 0.9

sources: BID: 63642 // CNNVD: CNNVD-201311-132

SOURCES

db:	CNVD	id:	CNVD-2013-14452
db:	VULHUB	id:	VHN-65444
db:	BID	id:	63642
db:	JVNDB	id:	JVNDB-2013-005102
db:	CNNVD	id:	CNNVD-201311-132
db:	NVD	id:	CVE-2013-5442

LAST UPDATE DATE

2024-11-23T22:59:46.295000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14452	date:	2013-11-14T00:00:00
db:	VULHUB	id:	VHN-65444	date:	2017-08-29T00:00:00
db:	BID	id:	63642	date:	2014-04-02T01:07:00
db:	JVNDB	id:	JVNDB-2013-005102	date:	2013-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201311-132	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-5442	date:	2024-11-21T01:57:28.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14452	date:	2013-11-14T00:00:00
db:	VULHUB	id:	VHN-65444	date:	2013-11-13T00:00:00
db:	BID	id:	63642	date:	2013-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-005102	date:	2013-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201311-132	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-5442	date:	2013-11-13T15:55:03.643