Vulnerability Name: CVE-2013-0464 (CCN-81060)
Assigned: 2012-12-16
Published: 2013-05-30
Updated: 2017-08-29
Summary: Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None

Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting

References:
Source: MITRE; Type: CNA; CVE-2013-0464
Source: CCN; Type: SA53653; IBM SPSS Data Collection Eclipse Help System Weakness and Vulnerability
Source: CCN; Type: SA53776; IBM Integrated Information Core Eclipse Help System Weakness and Vulnerability
Source: CCN; Type: SA53785; IBM Rational Insight Eclipse Help System Multiple Vulnerabilities
Source: CCN; Type: SA54177; IBM Content Manager Enterprise Edition Eclipse Help System Multiple Vulnerabilities
Source: CCN; Type: SA54971; IBM Tivoli Integrated Portal Multiple Vulnerabilities
Source: SECUNIA; Type: UNKNOWN; 54971
Source: CCN; Type: SA55115; IBM Tivoli Dynamic Workload Console Multiple Vulnerabilities
Source: SECUNIA; Type: UNKNOWN; 55115
Source: CCN; Type: IBM Security Bulletin 1637954; Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)
Source: CONFIRM; Type: Vendor Advisory; http://www-01.ibm.com/support/docview.wss?uid=swg21637954
Source: CCN; Type: IBM Security Bulletin 1639856; Vulnerabilities in IBM Rational Insight's Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)
Source: CCN; Type: IBM Security Bulletin 1640616; IBM OmniFind Enterprise Edition and IBM Content Analytics (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)
Source: CCN; Type: IBM Security Bulletin 1642791; IBM WebSphere Appliance Management Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal
Source: CCN; Type: IBM Security Bulletin 1646446; Security Vulnerabilities addressed in IBM Tivoli Netcool Performance Manager (CVE-2013-0464, CVE-2012-3325, CVE-2012-3325)
Source: CCN; Type: IBM Security Bulletin 1646473; IBM Content Collector - Eclipse Help System Cross Site Scripting Vulnerability (CVE-2013-0464)
Source: CCN; Type: IBM Security Bulletin 1646503; Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
Source: CCN; Type: IBM Security Bulletin 1646737; Potential Security issue for SmartCloud Cost Management (CVE-2013-0464 and CVE-2012-3325)
Source: CCN; Type: IBM Security Bulletin 1649664; IBM Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (IEHS) (CVE-2013-0464 and CVE-2013-0467)
Source: CCN; Type: IBM Security Bulletin 1649711; Vulnerabilities in IBM Rational Synergy's Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)
Source: CCN; Type: IBM Security Bulletin 1650482; IBM Tivoli Key Lifecycle Manager can be affected by multiple vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
Source: CCN; Type: IBM Security Bulletin 1651284; Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component
Source: CCN; Type: IBM Security Bulletin 1651414; Multiple security vulnerabilities in IEHS
Source: CCN; Type: IBM Security Bulletin 1651947; Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)
Source: CCN; Type: IBM Security Bulletin 1662870; Multiple security vulnerabilities exist in WebSphere Transformation Extender (CVE-2013-5802 CVE-2013-4002 CVE-2013-5825 CVE-2013-5372 CVE-2013-0599 CVE-2013-0464 CVE-2013-0467 CVE-2013-2962 CVE-2013-2415)
Source: CCN; Type: IBM Security Bulletin 1670753; Fix available for security vulnerabilities related to IEHS in IBM WebSphere Portal (multiple CVEs)
Source: CCN; Type: IBM Security Bulletin 1681229; Fix available for security vulnerabilities related to IEHS in IBM Sametime Meetings and Proxy version 9 (multiple CVEs)
Source: CCN; Type: IBM Security Bulletin 2005596 (Business Process Manager Advanced); Cross-Site Scripting vulnerability in Business Space Help affects IBM Business Process Manager (BPM) and WebSphere Process Server (WPS) - CVE-2013-0464
Source: CCN; Type: IBM Security Bulletin 2008891 (Business Monitor); Cross-Site Scripting vulnerability in Business Space Help affects IBM Business Monitor - CVE-2013-0464
Source: CCN; Type: IBM Security Bulletin 4035098; IBM Integrated Information Core 1.5.0.1 interim fix for APAR JR46837
Source: BID; Type: UNKNOWN; 60246
Source: CCN; Type: BID-60246; IBM Eclipse Help System CVE-2013-0464 Cross Site Scripting Vulnerability
Source: XF; Type: UNKNOWN; iehs-cve20130464-xss(81060)
Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2013-0464

Vulnerable Configuration:

Configuration 1:
cpe:/a:ibm:eclipse_help_system:3.4.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:eclipse_help_system:3.6.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spss_data_collection:7.0:*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:eclipse_help_system:3.4.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*
AND cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:content_collector:3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spss_data_collection:7.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_insight:1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_insight:1.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_insight:1.1.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_synergy:7.2.0.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.4:*:file_transfer:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_asset_discovery_for_distributed:7.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:sametime:9.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_process_manager:7.5:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:7.5.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.0:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.0.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_monitor:8.5.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_monitor:8.5.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_monitor:8.5.7:*:*:*:*:*:*:*

ibm eclipse help system 3.4.3
ibm eclipse help system 3.6.2
ibm spss data collection 6.0
ibm spss data collection 6.0.1
ibm spss data collection 7.0
ibm websphere mq 7.0
ibm websphere mq 7.0.0.1
ibm websphere mq 7.0.0.2
ibm websphere mq 7.0.1.1
ibm websphere mq 7.0.1.2
ibm websphere mq 7.0.1.3
ibm websphere mq 7.0.1.4
ibm websphere mq 7.1
ibm websphere mq 7.5
ibm eclipse help system 3.4.3
ibm websphere mq 7.5.0.1
ibm websphere mq 7.1.0.1
ibm websphere mq 7.1.0.2
ibm websphere portal 7.0
ibm spss data collection 6.0
ibm websphere portal 8.0
ibm spss data collection 6.0.1
ibm content collector 3.0
ibm spss data collection 7.0
ibm rational insight 1.1
ibm rational insight 1.1.1
ibm rational insight 1.1.1.1
ibm omnifind 9.1 -
ibm tivoli key lifecycle manager 2.0.1
ibm rational synergy 7.2.0.4
ibm websphere mq 7.0.1
ibm websphere mq 7.0.1.5
ibm websphere mq 7.0.1.6
ibm websphere mq 7.0.1.8
ibm websphere mq 7.0.1.7
ibm websphere mq 7.0.1.9
ibm websphere mq 7.0.1.10
ibm websphere mq 7.0.2
ibm websphere mq 7.0.3
ibm websphere mq 7.0.4
ibm websphere mq 7.5.0.2
ibm websphere mq 7.1.0.3
ibm license metric tool 7.5
ibm tivoli asset discovery for distributed 7.5
ibm sametime 9.0
ibm sametime 9.0.0.1
ibm websphere portal 6.1
ibm business process manager 7.5
ibm business process manager 7.5.0.1
ibm business process manager 7.5.1
ibm business process manager 7.5.1.1
ibm business process manager 7.5.1.2
ibm business process manager 8.0
ibm business process manager 8.0.1
ibm business process manager 8.0.1.1
ibm business process manager 8.0.1.2
ibm business process manager 8.5
ibm business process manager 8.5.0.1
ibm business process manager 8.5.5
ibm business process manager 8.0.1.3
ibm business monitor 8.5.5
ibm business process manager 8.5.6
ibm business monitor 8.5.6
ibm business process manager 8.5.0.2
ibm business process manager 8.5.7
ibm business process manager 8.5.6.1
ibm business process manager 8.5.6.2
ibm business monitor 8.5.7