ID

VAR-201312-0175


CVE

CVE-2013-5411


TITLE

IBM Sterling B2B Integrator and Sterling File Gateway Link insertion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005676

DESCRIPTION

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. Attackers can exploit this issue to inject arbitrary links to different pages within the application. This may allow an attacker to perform phishing attacks by presenting false information that may appear to be legitimate application pages. IBM Sterling File Gateway is a file transfer software suite that integrates different file transfer methods and enables secure interaction over the network. A remote attacker could exploit this vulnerability to inject links and cause users to navigate to malicious websites or perform malicious actions.

Trust: 1.98

sources: NVD: CVE-2013-5411 // JVNDB: JVNDB-2013-005676 // BID: 64447 // VULHUB: VHN-65413

AFFECTED PRODUCTS

vendor: ibm, model: sterling b2b integrator, scope: eq, version: 5.2

Trust: 2.4

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-005676 // CNNVD: CNNVD-201312-447 // NVD: CVE-2013-5411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5411
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5411
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-447
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65413
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5411
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65413
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65413 // JVNDB: JVNDB-2013-005676 // CNNVD: CNNVD-201312-447 // NVD: CVE-2013-5411

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65413 // JVNDB: JVNDB-2013-005676 // NVD: CVE-2013-5411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-447

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-447

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005676

PATCH

title: IC96059, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC96059

Trust: 0.8

title: 1657539, url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 0.8

sources: JVNDB: JVNDB-2013-005676

EXTERNAL IDS

db: NVD, id: CVE-2013-5411

Trust: 2.8

db: JVNDB, id: JVNDB-2013-005676

Trust: 0.8

db: CNNVD, id: CNNVD-201312-447

Trust: 0.7

db: XF, id: 20135411

Trust: 0.6

db: XF, id: 87360

Trust: 0.6

db: AIXAPAR, id: IC96059

Trust: 0.6

db: BID, id: 64447

Trust: 0.4

db: VULHUB, id: VHN-65413

Trust: 0.1

sources: VULHUB: VHN-65413 // BID: 64447 // JVNDB: JVNDB-2013-005676 // CNNVD: CNNVD-201312-447 // NVD: CVE-2013-5411

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic96059

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87360

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5411

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5411

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/87360

Trust: 0.6

sources: VULHUB: VHN-65413 // JVNDB: JVNDB-2013-005676 // CNNVD: CNNVD-201312-447 // NVD: CVE-2013-5411

CREDITS

IBM

Trust: 0.3

sources: BID: 64447

SOURCES

db: VULHUB, id: VHN-65413
db: BID, id: 64447
db: JVNDB, id: JVNDB-2013-005676
db: CNNVD, id: CNNVD-201312-447
db: NVD, id: CVE-2013-5411

LAST UPDATE DATE

2024-11-23T22:46:09.021000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65413, date: 2017-08-29T00:00:00
db: BID, id: 64447, date: 2014-01-28T01:03:00
db: JVNDB, id: JVNDB-2013-005676, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-447, date: 2013-12-25T00:00:00
db: NVD, id: CVE-2013-5411, date: 2024-11-21T01:57:26.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65413, date: 2013-12-21T00:00:00
db: BID, id: 64447, date: 2013-12-04T00:00:00
db: JVNDB, id: JVNDB-2013-005676, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-447, date: 2013-12-25T00:00:00
db: NVD, id: CVE-2013-5411, date: 2013-12-21T14:22:56.973