ID

VAR-201312-0171


CVE

CVE-2013-5405


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005673

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. IBM Sterling File Gateway is file transfer software that integrates different file transfer methods and enables secure interaction over the network.

Trust: 1.98

sources: NVD: CVE-2013-5405 // JVNDB: JVNDB-2013-005673 // BID: 64443 // VULHUB: VHN-65407

AFFECTED PRODUCTS

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2

Trust: 2.4

vendor: ibm // model: sterling file gateway // scope: eq // version: 2.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-005673 // CNNVD: CNNVD-201312-443 // NVD: CVE-2013-5405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5405
value: LOW

Trust: 1.0

NVD: CVE-2013-5405
value: LOW

Trust: 0.8

CNNVD: CNNVD-201312-443
value: LOW

Trust: 0.6

VULHUB: VHN-65407
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5405
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65407
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65407 // JVNDB: JVNDB-2013-005673 // CNNVD: CNNVD-201312-443 // NVD: CVE-2013-5405

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-65407 // JVNDB: JVNDB-2013-005673 // NVD: CVE-2013-5405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-443

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-443

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005673

PATCH

title: 1657539 // url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 0.8

title: IC96053 // url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC96053

Trust: 0.8

sources: JVNDB: JVNDB-2013-005673

EXTERNAL IDS

db: NVD // id: CVE-2013-5405

Trust: 2.8

db: BID // id: 64443

Trust: 1.4

db: JVNDB // id: JVNDB-2013-005673

Trust: 0.8

db: CNNVD // id: CNNVD-201312-443

Trust: 0.7

db: XF // id: 20135405

Trust: 0.6

db: XF // id: 87354

Trust: 0.6

db: AIXAPAR // id: IC96053

Trust: 0.6

db: VULHUB // id: VHN-65407

Trust: 0.1

sources: VULHUB: VHN-65407 // BID: 64443 // JVNDB: JVNDB-2013-005673 // CNNVD: CNNVD-201312-443 // NVD: CVE-2013-5405

REFERENCES

url: http://www-01.ibm.com/support/docview.wss?uid=swg1ic96053

Trust: 1.7

url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 1.7

url: http://www.securityfocus.com/bid/64443

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/87354

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5405

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5405

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/87354

Trust: 0.6

sources: VULHUB: VHN-65407 // JVNDB: JVNDB-2013-005673 // CNNVD: CNNVD-201312-443 // NVD: CVE-2013-5405

CREDITS

IBM

Trust: 0.3

sources: BID: 64443

SOURCES

db: VULHUB // id: VHN-65407
db: BID // id: 64443
db: JVNDB // id: JVNDB-2013-005673
db: CNNVD // id: CNNVD-201312-443
db: NVD // id: CVE-2013-5405

LAST UPDATE DATE

2024-11-23T22:52:54.506000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-65407 // date: 2017-08-29T00:00:00
db: BID // id: 64443 // date: 2014-01-28T01:03:00
db: JVNDB // id: JVNDB-2013-005673 // date: 2013-12-25T00:00:00
db: CNNVD // id: CNNVD-201312-443 // date: 2013-12-24T00:00:00
db: NVD // id: CVE-2013-5405 // date: 2024-11-21T01:57:25.527

SOURCES RELEASE DATE

db: VULHUB // id: VHN-65407 // date: 2013-12-21T00:00:00
db: BID // id: 64443 // date: 2013-12-04T00:00:00
db: JVNDB // id: JVNDB-2013-005673 // date: 2013-12-25T00:00:00
db: CNNVD // id: CNNVD-201312-443 // date: 2013-12-24T00:00:00
db: NVD // id: CVE-2013-5405 // date: 2013-12-21T14:22:56.863