CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS Percentile: 26.6%
A Cross-Site Scripting (XSS) vulnerability was found in the adv_sw.php page of the IBM Advanced Management Module.
Vulnerability Details:
CVE ID: CVE-2013-4007
A remote attacker could exploit this vulnerability to execute a script in a victim’s web browser within the security context of the hosting web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. This attack does require that the user clicking the vulnerable link be authenticated with a valid user ID and password.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85274> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
AMM FW versions before BPET64G, BBET64G
The recommended solution is to apply the fix to all previous versions as soon as practical. Please see below for information on the fixes available.
Update AMM firmware version to BPET64G and BBET64G. Firmware can be downloaded from IBM Fix Central.
None
Complete CVSS Guide
On-line Calculator V2
CVE-2013-4007
<http://xforce.iss.net/xforce/xfdb/85274>
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
IBM Fix Central
This vulnerability was reported to IBM by Jens Regel of Schneider & Wulf EVD-Beratung.
12 August 2013: Original copy published