Lucene search

[email protected]CVE-2013-0473

HistoryMar 29, 2013 - 4:08 p.m.

CVE-2013-0473

2013-03-2916:08:58

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-0473

cross-site scripting

xss

ibm security appscan

ibm rational policy tester

remote code injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report.

Affected configurations

NVD

Node

ibmsecurity_appscanMatch5.6.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.1-enterprise

ibmsecurity_appscanMatch8.0.0.2-enterprise

ibmsecurity_appscanMatch8.0.1.0-enterprise

ibmsecurity_appscanMatch8.0.1.1-enterprise

ibmsecurity_appscanMatch8.0.11-enterprise

ibmsecurity_appscanMatch8.5.0.0-enterprise

ibmsecurity_appscanMatch8.5.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.0-enterprise

ibmsecurity_appscanMatch8.6.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.2-enterprise

Node

ibmrational_policy_testerMatch5.6.0.0

ibmrational_policy_testerMatch8.0.0.0

ibmrational_policy_testerMatch8.0.0.1

ibmrational_policy_testerMatch8.0.0.2

ibmrational_policy_testerMatch8.0.1.0

ibmrational_policy_testerMatch8.0.1.1

ibmrational_policy_testerMatch8.5.0.0

ibmrational_policy_testerMatch8.5.0.1

ibmrational_policy_testerMatch8.5.0.2

ibmrational_policy_testerMatch8.5.0.3

CPENameOperatorVersion
ibm:security_appscanibm security appscaneq5.6.0.0
ibm:security_appscanibm security appscaneq8.0.0.0
ibm:security_appscanibm security appscaneq8.0.0.1
ibm:security_appscanibm security appscaneq8.0.0.2
ibm:security_appscanibm security appscaneq8.0.1.0
ibm:security_appscanibm security appscaneq8.0.1.1
ibm:security_appscanibm security appscaneq8.0.11
ibm:security_appscanibm security appscaneq8.5.0.0
ibm:security_appscanibm security appscaneq8.5.0.1
ibm:security_appscanibm security appscaneq8.6.0.0

CPE	Name	Operator	Version
ibm:security_appscan	ibm security appscan	eq	5.6.0.0
ibm:security_appscan	ibm security appscan	eq	8.0.0.0
ibm:security_appscan	ibm security appscan	eq	8.0.0.1
ibm:security_appscan	ibm security appscan	eq	8.0.0.2
ibm:security_appscan	ibm security appscan	eq	8.0.1.0
ibm:security_appscan	ibm security appscan	eq	8.0.1.1
ibm:security_appscan	ibm security appscan	eq	8.0.11
ibm:security_appscan	ibm security appscan	eq	8.5.0.0
ibm:security_appscan	ibm security appscan	eq	8.5.0.1
ibm:security_appscan	ibm security appscan	eq	8.6.0.0

Rows per page:

1-10 of 121

References

www-01.ibm.com/support/docview.wss?uid=swg21626264

www-01.ibm.com/support/docview.wss?uid=swg21631304

exchange.xforce.ibmcloud.com/vulnerabilities/81337

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVE-2013-0473

cvelist1 nvd1 prion1