Search criteria
3 vulnerabilities found for websphere_datapower_integration_appliance_xi52 by ibm
FKIE_CVE-2013-0499
Vulnerability from fkie_nvd - Published: 2013-05-28 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52EF1C54-93CD-4B24-B553-0959A3816849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91AC9EFB-90F4-4608-9C36-CDE03234CE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE42F365-E83B-4DA8-B84A-E81F77CC63B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D25888C5-0200-4124-AE4F-D1989B9D0943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB499F52-5A18-40F9-A63A-A7C0E2A79D2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50016031-DAFB-420A-BC46-66C8D89681F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8DC137A-40F9-4E81-AE46-D1A512533FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E83E70F-AB49-43F7-A873-A1C6B5429E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68324EA4-89EA-4752-B39D-DA13B7FC39A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85315EC4-FCAF-44CC-8BF9-C85CAD3637BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF697743-6F1C-4C98-9EA2-E1EE1E7963CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45_virtual_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0434DBE4-7EE5-4A9D-AB44-02DC114BBD55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEC2F83-9C7F-44D9-A75B-BC5CDBCD61D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1AE21E-2D17-44F9-A116-4A162DEA8F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11817A12-ED84-4EF4-97CF-F8EB95F7196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B9D60E-8218-4A58-9DD3-CF4D8AEF7914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D77730-2F0E-4046-942F-ACDCF4C16439",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6AC122-7C0B-42B3-B9FB-1E1F4E3C31FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EBDAA7-4D20-4328-A4D7-19C5493A9EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5586C7C0-315B-4F3E-921B-30260A5A6238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED9C5A0-274C-4CAF-84E2-3A59B48C890C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "126DDB17-7D0A-426C-9CC2-EFED785E8CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6E2091-AEC2-43FD-A5D3-B6F805C95CD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E7E192-0494-498C-BF20-7C2AF3102D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2346457F-39BA-407E-8451-D44FB947757E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A592E7D9-B5B8-45DD-AAF0-E380F7511AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A570957F-5B26-46FD-B51B-E90C96EB4168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04EFE5AD-4652-4254-8AE9-D06F3453A808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD176549-564F-49E8-9FDA-F4C263E5817F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "137D5F48-9118-4C2D-941A-8AEB48567443",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB95DC9D-D74B-45E1-AFB0-80F7A1F46FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0833251B-E8A5-4E4A-B7CC-700E205509FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD789CDF-5F99-4FD3-ADE2-36297310EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF02EAA9-1CDA-4C8C-AF34-E133AA3497D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6B0888-C558-48EF-9C1B-4E169ECC70AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBB66F8-B497-404C-813A-A40E853054D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "357A5629-DF00-483B-BD8F-CCD05CF8CFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "122283E7-E514-4ED7-9529-A75CF236855B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "716DBA1D-16EE-4E87-BA6B-A444981392BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "513606F6-9E5C-45E9-86AE-332F1EDC06D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "390A7634-FDD9-4FB9-8641-31AB41168E85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:websphere_datapower_b2b_appliance_xb62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5257F9FA-F807-4D15-BF7C-8A9531619A50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad echo en dispositivos SOA WebSphere DataPower de IBM con la versi\u00f3n de firmware 3.8.2, 4.0, 4.0.1, 4.0.2 y 5.0.0, permite a los atacantes remotos inyectar script web o HTML arbitrarios por medio de un mensaje SOAP, como es demostrado por los servicios Firewall XML, Multi Protocol Gateway (MPGW), Proxy de servicio web y Token web."
}
],
"id": "CVE-2013-0499",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-28T16:55:01.133",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-0499 (GCVE-0-2013-0499)
Vulnerability from cvelistv5 – Published: 2013-05-28 16:00 – Updated: 2024-08-06 14:25
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"name": "was-datapower-echo-xss(82221)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"name": "was-datapower-echo-xss(82221)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"name": "was-datapower-echo-xss(82221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0499",
"datePublished": "2013-05-28T16:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0499 (GCVE-0-2013-0499)
Vulnerability from nvd – Published: 2013-05-28 16:00 – Updated: 2024-08-06 14:25
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"name": "was-datapower-echo-xss(82221)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"name": "was-datapower-echo-xss(82221)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"
},
{
"name": "was-datapower-echo-xss(82221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"
},
{
"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/May/83"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0499",
"datePublished": "2013-05-28T16:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}