Lucene search

IbmCVE-2013-6745

HistoryDec 22, 2013 - 3:16 p.m.

CVE-2013-6745

2013-12-2215:16:04

CWE-79

ibm

web.nvd.nist.gov

cve

2013

6745

xss

vulnerability

ims server

ibm

security access manager

isam esso

remote authenticated users

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

42.6%

JSON

Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.

Affected configurations

Nvd

Node

ibmsecurity_access_manager_for_enterprise_single_sign-onMatch8.2

VendorProductVersionCPE
ibmsecurity_access_manager_for_enterprise_single_sign-on8.2cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_access_manager_for_enterprise_single_sign-on	8.2	cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21660569

www.securityfocus.com/bid/64475

exchange.xforce.ibmcloud.com/vulnerabilities/89861

www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

42.6%

JSON

Related for CVE-2013-6745