History: May 11, 2022 - 1:20 a.m.

Security Bulletin: Multiple security vulnerabilities - IBM Sterling Order Management (CVE-2013-0505, CVE-2013-0506)

Source: www.ibm.com

CVSS2 base score: 5.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:N), the higher of the two CVEs below
Attack Vector: NETWORK | Attack Complexity: LOW | Authentication: SINGLE | Confidentiality Impact: PARTIAL | Integrity Impact: PARTIAL | Availability Impact: NONE
EPSS: 0.002 Low (percentile 55.1%)

Summary

IBM Sterling Order Management is vulnerable to cross-site scripting and XPath injection.

Vulnerability Details

CVE ID: CVE-2013-0505

Description: IBM Sterling Order Management is vulnerable to XPath injection, caused by the improper validation of input prior to using it in an XPath (XML Path Language) query. By injecting arbitrary XPath code, a malicious user could exploit this vulnerability to read arbitrary XML files.

CVSS:
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82339 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
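The following is an added example, not code from IBM or from the product; the XML user store, the element names and the method names are constructed for illustration. It shows the pattern the description refers to: an XPath predicate assembled by string concatenation lets a tautology payload match nodes the caller was never meant to reach, while the same query written with XPath variables (javax.xml.xpath's XPathVariableResolver) treats the input as plain data. The parser is also configured to refuse DOCTYPEs so that the document itself cannot pull in external entities.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;

public class XPathInjectionDemo {

    // Constructed sample data standing in for an XML-backed user store (not from the product).
    static final String USERS_XML =
          "<users>"
        + "  <user><name>alice</name><password>s3cret</password><role>admin</role></user>"
        + "  <user><name>bob</name><password>hunter2</password><role>buyer</role></user>"
        + "</users>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // No DTDs, no entity expansion: the parser must not fetch anything on an attacker's behalf.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setExpandEntityReferences(false);
        DocumentBuilder db = dbf.newDocumentBuilder();
        return db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // VULNERABLE: request-controlled strings are spliced into the query text, so a quote in the
    // input ends the string literal and the rest of the input becomes XPath syntax.
    static String roleForVulnerable(Document doc, String user, String pass) throws XPathExpressionException {
        String query = "//user[name='" + user + "' and password='" + pass + "']/role/text()";
        XPath xp = XPathFactory.newInstance().newXPath();
        return xp.evaluate(query, doc);   // "" when no node matches
    }

    // FIXED: the query text is a constant; the values reach the engine as XPath variables and can
    // only ever be compared as strings, never parsed as syntax.
    static String roleForSafe(Document doc, String user, String pass) throws XPathExpressionException {
        Map<String, String> vars = Map.of("user", user, "pass", pass);
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(qname -> vars.get(qname.getLocalPart()));
        XPathExpression expr = xp.compile("//user[name=$user and password=$pass]/role/text()");
        return expr.evaluate(doc);
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(USERS_XML);
        // Tautology payload: closes the literal and makes the whole predicate true for every <user>.
        // The concatenated query becomes
        //   //user[name='alice' or '1'='1' and password='' or '1'='1']/role/text()
        String injectedUser = "alice' or '1'='1";
        String injectedPass = "' or '1'='1";

        System.out.println("legit/vulnerable : " + roleForVulnerable(doc, "bob", "hunter2"));          // buyer
        System.out.println("attack/vulnerable: " + roleForVulnerable(doc, injectedUser, injectedPass)); // admin, no password known
        System.out.println("legit/safe       : " + roleForSafe(doc, "bob", "hunter2"));                // buyer
        System.out.println("attack/safe      : '" + roleForSafe(doc, injectedUser, injectedPass) + "'"); // '' (no match)
    }
}
```

The variable-resolver form is the XPath equivalent of a prepared statement; input validation (an allowlist on the user name, for instance) is worth keeping as defence in depth, but it is not what closes the hole.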

CVE ID: CVE-2013-0506

Description: IBM Sterling Order Management is vulnerable to cross-site scripting. Injected script executes in the browser of a user who views the affected page, with that user's session, and could lead to unauthorized access.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82341 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
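Added example, not from the bulletin or the product; the page template, the payloads and the method names are constructed. It shows the mechanism behind a cross-site scripting finding: a request parameter reflected into two different HTML contexts, the hardened version that encodes it for those contexts, and why escaping only '<' and '>' still leaves a double-quoted attribute exploitable. The check at the end uses a structural invariant (an untrusted value must not add any '<' or '"' characters to the page) instead of trying to spot script text.

```java
public class ReflectedXssDemo {

    // Constructed payloads. The first targets HTML text context; the second breaks out of a
    // double-quoted attribute value without using '<' or '>' at all.
    static final String TAG_PAYLOAD  = "<script>alert(document.cookie)</script>";
    static final String ATTR_PAYLOAD = "\" autofocus onfocus=\"alert(document.cookie)";

    // VULNERABLE: the request parameter is echoed into text and attribute context unchanged.
    static String renderVulnerable(String searchTerm) {
        return "<p>Results for <b>" + searchTerm + "</b></p>\n"
             + "<input name=\"q\" value=\"" + searchTerm + "\">";
    }

    // Output encoding for HTML text and double-quoted attribute values. Each input character is
    // mapped exactly once, so '&' in the input cannot be turned back into an entity later.
    static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // FIXED: every untrusted value is encoded at the point where it is written into the page.
    static String renderSafe(String searchTerm) {
        String enc = encodeForHtml(searchTerm);
        return "<p>Results for <b>" + enc + "</b></p>\n"
             + "<input name=\"q\" value=\"" + enc + "\">";
    }

    // A common half-fix: enough for text context, useless once the value lands in an attribute.
    static String encodeAngleBracketsOnly(String s) {
        return s.replace("<", "&lt;").replace(">", "&gt;");
    }

    static int count(String s, char c) {
        int n = 0;
        for (int i = 0; i < s.length(); i++) if (s.charAt(i) == c) n++;
        return n;
    }

    // Structural check: rendering an untrusted value must leave the number of '<' and '"'
    // characters exactly as the template alone produces them. Any extra one opened a new tag
    // or closed an attribute value, i.e. the input changed the page's structure.
    static boolean addsMarkup(String html) {
        String baseline = renderSafe("");
        return count(html, '<') != count(baseline, '<') || count(html, '"') != count(baseline, '"');
    }

    public static void main(String[] args) {
        for (String payload : new String[] { TAG_PAYLOAD, ATTR_PAYLOAD }) {
            System.out.println("payload                 : " + payload);
            System.out.println("raw echo adds markup    : " + addsMarkup(renderVulnerable(payload)));                          // true, true
            System.out.println("<> escaping adds markup : " + addsMarkup(renderVulnerable(encodeAngleBracketsOnly(payload)))); // false, true
            System.out.println("full encoding adds markup: " + addsMarkup(renderSafe(payload)));                               // false, false
            System.out.println(renderSafe(payload));
            System.out.println();
        }
    }
}
```

Encoding has to match the context the value is written into: the table above is correct for HTML text and quoted attributes, but a value placed inside a script block, a URL or a CSS property needs a different encoder.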

Affected Products and Versions

IBM Sterling Selling and Fulfillment Foundation 9.2.0
IBM Sterling Selling and Fulfillment Foundation 9.1.0
IBM Sterling Selling and Fulfillment Foundation 9.0
IBM Sterling Selling and Fulfillment Foundation 8.5
IBM Sterling Multi-Channel Fulfillment Solution 8.0

Remediation/Fixes

Fix        | VRMF      | APAR     | How to acquire fix
9.2.0-FP13 | 9.2.0.13  |          | http://www-933.ibm.com/support/fixcentral/options (select VRMF 9.2.0.13 to access the FixPack)
9.1.0-FP41 | 9.1.0.41  | ID358571 | http://www-933.ibm.com/support/fixcentral/options (select VRMF 9.1.0.41 to access the FixPack)
9.0-HF69   | 9.0.0.69  |          | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US
8.5-HF89   | 8.5.0.89  |          | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US
8.0-HF127  | 8.0.0.127 |          | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US

Fix packs for 9.1 and 9.2 are on Fix Central; hot fixes for the 8.0, 8.5 and 9.0 streams are obtained through the legacy software request form linked above.

Workarounds and Mitigations

None known

Affected configurations (Vulners match): ibm sterling_order_management 8.0, 8.5, 9.0, 9.1, 9.2
