CVSS2: 5.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
EPSS: 0.002 Low
Percentile: 55.1%
IBM Sterling Order Management is vulnerable to cross-site scripting and XPath injections.
CVE ID: CVE-2013-0505
Description: IBM Sterling Order Management is vulnerable to XPath injection, caused by improper validation of input before it is used in an XPath (XML Path Language) query. By injecting arbitrary XPath code, a malicious user could exploit this vulnerability to read arbitrary XML files.
CVSS:
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82339> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CVE ID: CVE-2013-0506
Description: IBM Sterling Order Management is vulnerable to cross-site scripting, which could lead to unauthorized access through the injected scripts.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82341> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM Sterling Selling and Fulfillment Foundation 9.2.0
IBM Sterling Selling and Fulfillment Foundation 9.1.0
IBM Sterling Selling and Fulfillment Foundation 9.0
IBM Sterling Selling and Fulfillment Foundation 8.5
IBM Sterling Multi-Channel Fulfillment Solution 8.0
_Fix_* | VRMF | APAR | How to acquire fix |
---|---|---|---|
9.2.0-FP13 | 9.2.0.13 | | <http://www-933.ibm.com/support/fixcentral/options> Select appropriate VRMF (for example 9.2.0.13) to access the FixPack |
9.1.0-FP41 | 9.1.0.41 | ID358571 | <http://www-933.ibm.com/support/fixcentral/options> Select appropriate VRMF (for example 9.1.0.41) to access the FixPack |
9.0-HF69 | 9.0.0.69 | | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US |
8.5-HF89 | 8.5.0.89 | | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US |
8.0-HF127 | 8.0.0127 | | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US |
None known