IBM Sterling Connect:Enterprise HTTP Option is vulnerable to cross-frame scripting attacks.
CVE ID: CVE-2013-6327
DESCRIPTION:
IBM Sterling Connect:Enterprise HTTP Option could allow a cross-frame scripting attack, caused by improper validation of input within a frame. A remote attacker could exploit this vulnerability to monitor and capture user activity.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88908 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM Sterling Connect:Enterprise HTTP Option 1.4.00
IBM Sterling Connect:Enterprise HTTP Option 1.3.02
The recommended solution is to apply the iFix as soon as practical. See below for information about the fixes available.
| VRMF | Fix | Where to acquire the fix |
|---|---|---|
| 1.4.0.0 | iFix 1 | http://www.ibm.com/support/fixcentral/options |
| 1.3.0.2 | iFix 1 | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US |
None