ID

VAR-201312-0172


CVE

CVE-2013-5406


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005674

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following product versions are vulnerable: IBM Sterling B2B Integrator 5.2 and IBM Sterling File Gateway 2.2. IBM Sterling File Gateway is file transfer software that integrates different file transfer methods and enables secure exchange over the network. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with specially crafted parameters.

Trust: 1.98

sources: NVD: CVE-2013-5406 // JVNDB: JVNDB-2013-005674 // BID: 64446 // VULHUB: VHN-65408

AFFECTED PRODUCTS

vendor: ibm, model: sterling b2b integrator, scope: eq, version: 5.2

Trust: 2.4

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-005674 // CNNVD: CNNVD-201312-444 // NVD: CVE-2013-5406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5406
value: LOW

Trust: 1.0

NVD: CVE-2013-5406
value: LOW

Trust: 0.8

CNNVD: CNNVD-201312-444
value: LOW

Trust: 0.6

VULHUB: VHN-65408
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5406
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65408
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65408 // JVNDB: JVNDB-2013-005674 // CNNVD: CNNVD-201312-444 // NVD: CVE-2013-5406

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-65408 // JVNDB: JVNDB-2013-005674 // NVD: CVE-2013-5406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-444

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-444

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005674

PATCH

title: 1657539, url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 0.8

title: IC96055, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055

Trust: 0.8

sources: JVNDB: JVNDB-2013-005674

EXTERNAL IDS

db: NVD, id: CVE-2013-5406

Trust: 2.8

db: BID, id: 64446

Trust: 1.4

db: JVNDB, id: JVNDB-2013-005674

Trust: 0.8

db: CNNVD, id: CNNVD-201312-444

Trust: 0.7

db: AIXAPAR, id: IC96055

Trust: 0.6

db: XF, id: 87355

Trust: 0.6

db: XF, id: 20135406

Trust: 0.6

db: VULHUB, id: VHN-65408

Trust: 0.1

sources: VULHUB: VHN-65408 // BID: 64446 // JVNDB: JVNDB-2013-005674 // CNNVD: CNNVD-201312-444 // NVD: CVE-2013-5406

REFERENCES

url: http://www-01.ibm.com/support/docview.wss?uid=swg1ic96055

Trust: 1.7

url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 1.7

url: http://www.securityfocus.com/bid/64446

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/87355

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5406

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5406

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/87355

Trust: 0.6

sources: VULHUB: VHN-65408 // JVNDB: JVNDB-2013-005674 // CNNVD: CNNVD-201312-444 // NVD: CVE-2013-5406

CREDITS

IBM

Trust: 0.3

sources: BID: 64446

SOURCES

db: VULHUB, id: VHN-65408
db: BID, id: 64446
db: JVNDB, id: JVNDB-2013-005674
db: CNNVD, id: CNNVD-201312-444
db: NVD, id: CVE-2013-5406

LAST UPDATE DATE

2024-11-23T21:45:30.100000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65408, date: 2017-08-29T00:00:00
db: BID, id: 64446, date: 2014-01-28T01:03:00
db: JVNDB, id: JVNDB-2013-005674, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-444, date: 2013-12-24T00:00:00
db: NVD, id: CVE-2013-5406, date: 2024-11-21T01:57:25.640

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65408, date: 2013-12-21T00:00:00
db: BID, id: 64446, date: 2013-12-04T00:00:00
db: JVNDB, id: JVNDB-2013-005674, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-444, date: 2013-12-24T00:00:00
db: NVD, id: CVE-2013-5406, date: 2013-12-21T14:22:56.893