Lucene search

IbmCVE-2013-0466

HistoryFeb 20, 2013 - 12:09 p.m.

CVE-2013-0466

2013-02-2012:09:22

CWE-79

ibm

web.nvd.nist.gov

cve-2013-0466

cross-site scripting

xss vulnerability

ibm websphere

message broker

soapinput node

wsdl

remote attackers

html

web script

security vulnerability

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message.

Affected configurations

Nvd

Node

ibmwebsphere_message_brokerMatch7.0.

ibmwebsphere_message_brokerMatch7.0.0.1

ibmwebsphere_message_brokerMatch7.0.0.2

ibmwebsphere_message_brokerMatch7.0.0.3

ibmwebsphere_message_brokerMatch7.0.0.4

ibmwebsphere_message_brokerMatch7.0.0.5

Node

ibmwebsphere_message_brokerMatch8.0

ibmwebsphere_message_brokerMatch8.0.0.1

VendorProductVersionCPE
ibmwebsphere_message_broker7.0.cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*
ibmwebsphere_message_broker7.0.0.1cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_message_broker7.0.0.2cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_message_broker7.0.0.3cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_message_broker7.0.0.4cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_message_broker7.0.0.5cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_message_broker8.0cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
ibmwebsphere_message_broker8.0.0.1cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_message_broker	7.0.	cpe:2.3:a:ibm:websphere_message_broker:7.0.:::::::*
ibm	websphere_message_broker	7.0.0.1	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:::::::*
ibm	websphere_message_broker	7.0.0.2	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:::::::*
ibm	websphere_message_broker	7.0.0.3	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:::::::*
ibm	websphere_message_broker	7.0.0.4	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:::::::*
ibm	websphere_message_broker	7.0.0.5	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:::::::*
ibm	websphere_message_broker	8.0	cpe:2.3:a:ibm:websphere_message_broker:8.0:::::::*
ibm	websphere_message_broker	8.0.0.1	cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IC89383

www-01.ibm.com/support/docview.wss?uid=swg21623316

exchange.xforce.ibmcloud.com/vulnerabilities/81062

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Related for CVE-2013-0466