Vulnerability CVE-2013-4059 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4059 (CCN-86548)

Assigned:

2013-06-07

Published:

2014-03-10

Updated:

2017-08-29

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2013-4059

Source: CCN
Type: SA57312
IBM InfoSphere Information Server Multiple Vulnerabilities

Source: AIXAPAR
Type: UNKNOWN
JR48815

Source: AIXAPAR
Type: UNKNOWN
JR49200

Source: AIXAPAR
Type: UNKNOWN
JR49206

Source: CCN
Type: IBM Security Bulletin 1666684
Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059)

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21666684

Source: CCN
Type: IBM Security Bulletin 1670298
Multiple security vulnerabilities exist in IBM InfoSphere Data Click 10.0 (CVE-2013-3034 CVE-2013-3040 CVE-2013-0599 CVE-2013-4057 CVE-2013-4058 CVE-2013-4059 CVE-2013-4066 CVE-2013-4067)

Source: CCN
Type: IBM Security Bulletin 1674448
In IBM InfoSphere Information Server, the Information Services Catalog interface is vulnerable to various web UI vulnerabilities (CVE-2013-3034, CVE-2013-4057, CVE-2013-4059, CVE-2012-4819)

Source: BID
Type: UNKNOWN
66151

Source: CCN
Type: BID-66151
IBM InfoSphere Information Server CVE-2013-4059 Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
ibm-infosphere-cve20134059-xss(86548)

Source: XF
Type: UNKNOWN
ibm-infosphere-cve20134059-xss(86548)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*

AND

cpe:/a:ibm:infosphere_information_server:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable