ID

VAR-201312-0173


CVE

CVE-2013-5407


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway vulnerable to bypass of access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2013-005685

DESCRIPTION

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. IBM Sterling B2B Integrator and IBM Sterling File Gateway are prone to an unspecified frame-injection vulnerability. An attacker can exploit this issue to conduct phishing attacks. Successful exploits will allow the attacker to gain unauthorized access or obtain sensitive information. The following product versions are vulnerable: IBM Sterling B2B Integrator 5.2 and IBM Sterling File Gateway 2.2. IBM Sterling File Gateway is a file transfer software suite that integrates different file transfer methods and enables secure exchange over the network. The vulnerability stems from the program not properly restricting the use of FRAME elements.

Trust: 1.98

sources: NVD: CVE-2013-5407 // JVNDB: JVNDB-2013-005685 // BID: 64449 // VULHUB: VHN-65409

AFFECTED PRODUCTS

vendor: ibm, model: sterling b2b integrator, scope: eq, version: 5.2

Trust: 2.4

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-005685 // CNNVD: CNNVD-201312-445 // NVD: CVE-2013-5407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5407
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5407
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-445
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65409
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5407
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65409
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65409 // JVNDB: JVNDB-2013-005685 // CNNVD: CNNVD-201312-445 // NVD: CVE-2013-5407

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65409 // JVNDB: JVNDB-2013-005685 // NVD: CVE-2013-5407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-445

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-445

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005685

PATCH

title: IC96057, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC96057

Trust: 0.8

title: 1657539, url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 0.8

sources: JVNDB: JVNDB-2013-005685

EXTERNAL IDS

db: NVD, id: CVE-2013-5407

Trust: 2.8

db: JVNDB, id: JVNDB-2013-005685

Trust: 0.8

db: CNNVD, id: CNNVD-201312-445

Trust: 0.7

db: XF, id: 20135407

Trust: 0.6

db: XF, id: 87356

Trust: 0.6

db: AIXAPAR, id: IC96057

Trust: 0.6

db: BID, id: 64449

Trust: 0.4

db: VULHUB, id: VHN-65409

Trust: 0.1

sources: VULHUB: VHN-65409 // BID: 64449 // JVNDB: JVNDB-2013-005685 // CNNVD: CNNVD-201312-445 // NVD: CVE-2013-5407

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic96057

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87356

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5407

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5407

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/87356

Trust: 0.6

sources: VULHUB: VHN-65409 // JVNDB: JVNDB-2013-005685 // CNNVD: CNNVD-201312-445 // NVD: CVE-2013-5407

CREDITS

IBM

Trust: 0.3

sources: BID: 64449

SOURCES

db: VULHUB, id: VHN-65409
db: BID, id: 64449
db: JVNDB, id: JVNDB-2013-005685
db: CNNVD, id: CNNVD-201312-445
db: NVD, id: CVE-2013-5407

LAST UPDATE DATE

2024-11-23T21:55:29.872000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65409, date: 2017-08-29T00:00:00
db: BID, id: 64449, date: 2014-01-28T01:03:00
db: JVNDB, id: JVNDB-2013-005685, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-445, date: 2013-12-24T00:00:00
db: NVD, id: CVE-2013-5407, date: 2024-11-21T01:57:25.763

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65409, date: 2013-12-21T00:00:00
db: BID, id: 64449, date: 2013-12-04T00:00:00
db: JVNDB, id: JVNDB-2013-005685, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-445, date: 2013-12-24T00:00:00
db: NVD, id: CVE-2013-5407, date: 2013-12-21T14:22:56.927