Vulnerability Name: CVE-2013-0581 (CCN-83333)
Assigned: 2012-12-16
Published: 2013-06-25
Updated: 2017-08-29
Summary: Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2) teamworks/executeServiceByName, (3) portal/jsp/viewAdHocReportWizard.do, or (4) rest/bpm/wle/v1/process.
CVSS v3 Severity:
  2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
  3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
  Source: MITRE Type: CNA CVE-2013-0581
  Source: AIXAPAR Type: UNKNOWN JR45799
  Source: CCN Type: IBM Security Bulletin 1633593 IBM Business Process Manager (BPM) Vulnerable URLs (CVE-2013-0581)
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21633593
  Source: CCN Type: BID-58541 IBM Business Process Manager CVE-2013-0581 Multiple Cross Site Scripting Vulnerabilities
  Source: XF Type: UNKNOWN bpm-cve20130581-xss(83333)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable