[email protected]CVE-2013-6738

HistoryApr 24, 2014 - 10:55 a.m.

CVE-2013-6738

2014-04-2410:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-6738

cross-site scripting

xss vulnerability

ibm smartcloud analytics

log analysis

nvd

security advisory

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.5%

JSON

Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CPENameOperatorVersion
ibm:smartcloud_analytics_log_analysisibm smartcloud analytics log analysiseq1.2.0
ibm:smartcloud_analytics_log_analysisibm smartcloud analytics log analysiseq1.1.0

CPE	Name	Operator	Version
ibm:smartcloud_analytics_log_analysis	ibm smartcloud analytics log analysis	eq	1.2.0
ibm:smartcloud_analytics_log_analysis	ibm smartcloud analytics log analysis	eq	1.1.0

References

www-01.ibm.com/support/docview.wss?uid=swg1IV57425

www-01.ibm.com/support/docview.wss?uid=swg21669137

www-01.ibm.com/support/docview.wss?uid=swg21669554

www-01.ibm.com/support/docview.wss?uid=swg21676091

www-01.ibm.com/support/docview.wss?uid=swg21676092

www.securityfocus.com/bid/67051

exchange.xforce.ibmcloud.com/vulnerabilities/89854

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.5%

JSON

Related for CVE-2013-6738

ibm5 prion1 nessus4