Jun 17, 2018 - 2:38 p.m.

Security Bulletin: Cross-site scripting in OAuth (CVE-2013-6738)

2018-06-17 14:38:04
www.ibm.com

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

Cross-site scripting in OAuth

Vulnerability Details

CVE ID: CVE-2013-6738

DESCRIPTION:
The OAuth /authorize endpoint returns an invalid query parameter in the response. This allows a script to be injected into the response.
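
The pattern in the description, as an added example that is not IBM's code or part of the original bulletin: an error page for /authorize that echoes a rejected query parameter, first unencoded and then HTML-encoded. The function names, the parameter allowlist, the HTML error format and the sample query are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qsl

# Assumption: the endpoint accepts only the standard OAuth 2.0 authorization
# request parameters (RFC 6749) and reports anything else as invalid.
KNOWN_PARAMS = {"response_type", "client_id", "redirect_uri", "scope", "state"}

# Constructed sample query string; "foo" is a made-up invalid parameter.
SAMPLE_QUERY = "response_type=code&client_id=demo&foo=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def invalid_params(query):
    """Return the decoded (name, value) pairs that the endpoint rejects."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return [(name, value) for name, value in pairs if name not in KNOWN_PARAMS]


def render(items):
    """Wrap list items in the (assumed) HTML error page."""
    return ("<html><body><p>Invalid request parameters:</p><ul>"
            + "".join(items) + "</ul></body></html>")


def error_page_unsafe(query):
    """'Before' behaviour: rejected parameters are copied into the HTML as-is."""
    return render(f"<li>{n}={v}</li>" for n, v in invalid_params(query))


def error_page_safe(query):
    """Hardened: names and values are HTML-encoded before being reflected."""
    return render(
        f"<li>{html.escape(n, quote=True)}={html.escape(v, quote=True)}</li>"
        for n, v in invalid_params(query)
    )


def error_headers():
    """Defence in depth for the error response (hypothetical helper)."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'",
    }


if __name__ == "__main__":
    print(error_page_unsafe(SAMPLE_QUERY))
    print(error_page_safe(SAMPLE_QUERY))
```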

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Any customer using version 1.1 should call IBM Support for guidance.

Affected Products and Versions

IBM SmartCloud Analytics LogAnalysis v1.1 and v1.2

Remediation/Fixes

IBM SmartCloud Analytics LogAnalysis 1.2.0.0-CSI-SCALA-IF0003 APAR ID - IV57425

Workarounds and Mitigations

None

CPE
Name: ibm smartcloud analytics
Operator: eq
Version: 1.2.0
