Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-0460
HistoryJan 27, 2013 - 6:55 p.m.

CVE-2013-0460

2013-01-2718:55:02
CWE-352
[email protected]
web.nvd.nist.gov
8

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

44.8%

JSON

Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

Affected configurations

Nvd
Node
ibmwebsphere_application_serverMatch6.1.0.0
OR
ibmwebsphere_application_serverMatch6.1.0.1
OR
ibmwebsphere_application_serverMatch6.1.0.2
OR
ibmwebsphere_application_serverMatch6.1.0.3
OR
ibmwebsphere_application_serverMatch6.1.0.5
OR
ibmwebsphere_application_serverMatch6.1.0.7
OR
ibmwebsphere_application_serverMatch6.1.0.9
OR
ibmwebsphere_application_serverMatch6.1.0.11
OR
ibmwebsphere_application_serverMatch6.1.0.12
OR
ibmwebsphere_application_serverMatch6.1.0.13
OR
ibmwebsphere_application_serverMatch6.1.0.14
OR
ibmwebsphere_application_serverMatch6.1.0.15
OR
ibmwebsphere_application_serverMatch6.1.0.17
OR
ibmwebsphere_application_serverMatch6.1.0.19
OR
ibmwebsphere_application_serverMatch6.1.0.21
OR
ibmwebsphere_application_serverMatch6.1.0.23
OR
ibmwebsphere_application_serverMatch6.1.0.25
OR
ibmwebsphere_application_serverMatch6.1.0.27
OR
ibmwebsphere_application_serverMatch6.1.0.29
OR
ibmwebsphere_application_serverMatch6.1.0.31
OR
ibmwebsphere_application_serverMatch6.1.0.33
OR
ibmwebsphere_application_serverMatch6.1.0.35
OR
ibmwebsphere_application_serverMatch6.1.0.37
OR
ibmwebsphere_application_serverMatch6.1.0.39
OR
ibmwebsphere_application_serverMatch6.1.0.41
OR
ibmwebsphere_application_serverMatch6.1.0.43
OR
ibmwebsphere_application_serverMatch6.1.0.45
Node
ibmwebsphere_application_serverMatch7.0
OR
ibmwebsphere_application_serverMatch7.0.0.1
OR
ibmwebsphere_application_serverMatch7.0.0.2
OR
ibmwebsphere_application_serverMatch7.0.0.3
OR
ibmwebsphere_application_serverMatch7.0.0.5
OR
ibmwebsphere_application_serverMatch7.0.0.7
OR
ibmwebsphere_application_serverMatch7.0.0.9
OR
ibmwebsphere_application_serverMatch7.0.0.11
OR
ibmwebsphere_application_serverMatch7.0.0.13
OR
ibmwebsphere_application_serverMatch7.0.0.15
OR
ibmwebsphere_application_serverMatch7.0.0.17
OR
ibmwebsphere_application_serverMatch7.0.0.19
OR
ibmwebsphere_application_serverMatch7.0.0.21
OR
ibmwebsphere_application_serverMatch7.0.0.23
OR
ibmwebsphere_application_serverMatch7.0.0.25
VendorProductVersionCPE
ibmwebsphere_application_server6.1.0.0cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.1cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.2cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.3cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.5cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.7cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.9cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.11cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.12cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.13cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
Rows per page:
1-10 of 421

Related

prion 1
openvas 1
cve 1
cvelist 1
nessus 4
ibm 5
prion
prion
Cross site request forgery (csrf)
2013-01-27 18:55:00
openvas
openvas
IBM Websphere Application Server CSRF Vulnerability-01 (Jan 2016)
2016-01-20 00:00:00
cve
cve
CVE-2013-0460
2013-01-27 18:55:02
cvelist
cvelist
CVE-2013-0460
2013-01-27 18:00:00
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities
2013-01-25 00:00:00
IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities
2014-01-20 00:00:00
IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities
2013-12-05 00:00:00
ibm
ibm
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.27
2022-09-25 20:45:36
Security Bulletin: Potential Security Vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.8
2018-06-15 06:59:10
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.1
2022-09-26 03:31:32

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

44.8%

JSON
Related for NVD:CVE-2013-0460
prion1openvas1cve1cvelist1nessus4ibm5