History: Dec 18, 2019 - 1:14 a.m.

Security Bulletin: Cross frame scripting vulnerability in Connect:Enterprise HTTP (CVE-2013-6327)

2019-12-18 01:14:08
www.ibm.com
7

EPSS: 0.001 (Low)

Percentile: 47.3%

Summary

IBM Sterling Connect:Enterprise HTTP Option is vulnerable to cross frame scripting attacks.

Vulnerability Details

CVE ID: CVE-2013-6327
DESCRIPTION:
IBM Sterling Connect:Enterprise HTTP Option could allow a cross-frame scripting attack, caused by improper validation of input within a frame. A remote attacker could exploit this vulnerability to monitor and capture user activity.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88908 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling Connect:Enterprise HTTP Option 1.4.00
IBM Sterling Connect:Enterprise HTTP Option 1.3.02

Remediation/Fixes

The recommended solution is to apply the iFix as soon as practical. See below for information about the fixes available.

VRMF| Fix| Where to acquire the fix
---|---|---
1.4.0.0| iFix 1| http://www.ibm.com/support/fixcentral/options
1.3.0.2| iFix 1| https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US

Workarounds and Mitigations

None
