Vulnerability Name: CVE-2013-0505 (CCN-82339)
Assigned: 2012-12-16
Published: 2013-03-18
Updated: 2017-08-29
Summary: IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
CVSS v3 Severity:
  4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
CVSS v2 Severity:
  5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
  4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C)
  4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-200 CWE-20
Vulnerability Consequences: Other
References:
  Source: MITRE Type: CNA CVE-2013-0505
  Source: CCN Type: SA52706 IBM Sterling Order Management Cross-Site Scripting and XPath Injection Vulnerabilities
  Source: AIXAPAR Type: UNKNOWN ID358571
  Source: CCN Type: IBM Security Bulletin 1631302 Multiple security vulnerabilities - IBM Sterling Order Management (CVE-2013-0505, CVE-2013-0506)
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21631302
  Source: CCN Type: BID-58578 IBM Sterling Order Management CVE-2013-0505 XPath Injection Vulnerability
  Source: XF Type: UNKNOWN sterling-om-xpath-injection(82339)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: