Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-5372
HistoryOct 19, 2013 - 10:36 a.m.

CVE-2013-5372

2013-10-1910:36:07
CWE-399
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

Affected configurations

NVD
Node
ibmwebsphere_message_brokerMatch6.1
OR
ibmwebsphere_message_brokerMatch6.1.0.1
OR
ibmwebsphere_message_brokerMatch6.1.0.2
OR
ibmwebsphere_message_brokerMatch6.1.0.3
OR
ibmwebsphere_message_brokerMatch6.1.0.4
OR
ibmwebsphere_message_brokerMatch6.1.0.5
OR
ibmwebsphere_message_brokerMatch6.1.0.6
OR
ibmwebsphere_message_brokerMatch6.1.0.7
OR
ibmwebsphere_message_brokerMatch6.1.0.8
OR
ibmwebsphere_message_brokerMatch6.1.0.9
OR
ibmwebsphere_message_brokerMatch6.1.0.10
OR
ibmwebsphere_message_brokerMatch6.1.0.11
Node
ibmwebsphere_message_brokerMatch8.0
OR
ibmwebsphere_message_brokerMatch8.0.0.1
OR
ibmwebsphere_message_brokerMatch8.0.0.2
OR
ibmwebsphere_message_brokerMatch8.0.0.3
Node
ibmwebsphere_message_brokerMatch7.0.
OR
ibmwebsphere_message_brokerMatch7.0.0.1
OR
ibmwebsphere_message_brokerMatch7.0.0.2
OR
ibmwebsphere_message_brokerMatch7.0.0.3
OR
ibmwebsphere_message_brokerMatch7.0.0.4
OR
ibmwebsphere_message_brokerMatch7.0.0.5
OR
ibmwebsphere_message_brokerMatch7.0.0.6

Related

cvelist 1
cve 1
ibm 25
prion 1
nessus 13
openvas 1
suse 4
redhat 4
veracode 16
aix 1
cvelist
cvelist
CVE-2013-5372
2013-10-19 10:00:00
cve
cve
CVE-2013-5372
2013-10-19 10:36:07
ibm
ibm
Security Bulletin: IBM Enterprise Content Management Widgets and potential Apache Xerces-J denial of service attack (CVE-2013-5372)
2022-09-25 23:09:27
Security Bulletin:Tivoli Multiple vulnerabilities in Tivoli Business Service Manager (CVE-2013-5802,CVE-2013-5825,CVE-2013-5372)
2018-06-17 14:31:27
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU October 2013
2018-06-15 06:59:05
prion
prion
Code injection
2013-10-19 10:36:00
nessus
nessus
IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities
2014-01-20 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities
2014-01-20 00:00:00
IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities
2014-05-29 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1669-1)
2021-06-09 00:00:00
suse
suse
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
Security update for Java 6 (important)
2013-11-19 00:04:12
Security update for IBM Java 7 (important)
2013-11-22 08:04:19
redhat
redhat
(RHSA-2013:1509) Important: java-1.5.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1508) Critical: java-1.6.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1793) Low: Red Hat Network Satellite server IBM Java Runtime security update
2013-12-05 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:36
aix
aix
Multiple Java vulnerabilities
2013-12-11 10:53:34

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON
Related for NVD:CVE-2013-5372
cvelist1cve1ibm25prion1nessus13openvas1suse4redhat4veracode16aix1