Lucene search

[email protected]CVE-2013-0505

HistoryMar 19, 2013 - 6:55 p.m.

CVE-2013-0505

2013-03-1918:55:00

CWE-200

CWE-20

[email protected]

web.nvd.nist.gov

ibm

sterling

order management

xpath injection

cve-2013-0505

security

vulnerability

nvd

6.6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

42.3%

JSON

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

CPENameOperatorVersion
ibm:sterling_selling_and_fulfillment_foundationibm sterling selling and fulfillment foundationeq9.1.0
ibm:sterling_selling_and_fulfillment_foundationibm sterling selling and fulfillment foundationeq8.5
ibm:sterling_selling_and_fulfillment_foundationibm sterling selling and fulfillment foundationeq9.0
ibm:sterling_selling_and_fulfillment_foundationibm sterling selling and fulfillment foundationeq9.2.0
ibm:sterling_multi-channel_fulfillment_solutionibm sterling multi-channel fulfillment solutioneq8.0

CPE	Name	Operator	Version
ibm:sterling_selling_and_fulfillment_foundation	ibm sterling selling and fulfillment foundation	eq	9.1.0
ibm:sterling_selling_and_fulfillment_foundation	ibm sterling selling and fulfillment foundation	eq	8.5
ibm:sterling_selling_and_fulfillment_foundation	ibm sterling selling and fulfillment foundation	eq	9.0
ibm:sterling_selling_and_fulfillment_foundation	ibm sterling selling and fulfillment foundation	eq	9.2.0
ibm:sterling_multi-channel_fulfillment_solution	ibm sterling multi-channel fulfillment solution	eq	8.0

References

www-01.ibm.com/support/docview.wss?uid=swg1ID358571

www-01.ibm.com/support/docview.wss?uid=swg21631302

exchange.xforce.ibmcloud.com/vulnerabilities/82339

6.6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for CVE-2013-0505

cvelist1 prion1 ibm1