cvelistv5 - cve-2013-5442

CVE-2013-5442 (GCVE-0-2013-5442)

Vulnerability from cvelistv5 – Published: 2013-11-13 15:00 – Updated: 2024-08-06 17:15

Summary

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/63642	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-xgs-cve20135442-xss(87818)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
          },
          {
            "name": "63642",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63642"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-xgs-cve20135442-xss(87818)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
        },
        {
          "name": "63642",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63642"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5442",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-xgs-cve20135442-xss(87818)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
            },
            {
              "name": "63642",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63642"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5442",
    "datePublished": "2013-11-13T15:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"853079DC-2990-4700-A69B-7FFC6E7175E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB975E01-9B08-4D7F-BE4F-24DCC0E8A05D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2B08CBB-4A15-4125-A8FA-6F64655A0BA0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en Local Management Interface (LMI) de dispositivos IBM Security Network Protection en XGS 5100 con firmware 5.1 anterior a la versi\\u00f3n 5.1.0.6 y 5.1.1 anterior a 5.1.1.1 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\\u00e9s de vectores sin especificar.\"}]",
      "id": "CVE-2013-5442",
      "lastModified": "2024-11-21T01:57:28.660",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-11-13T15:55:03.643",
      "references": "[{\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21655377\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/63642\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/87818\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21655377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/63642\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/87818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5442\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2013-11-13T15:55:03.643\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Local Management Interface (LMI) de dispositivos IBM Security Network Protection en XGS 5100 con firmware 5.1 anterior a la versi\u00f3n 5.1.0.6 y 5.1.1 anterior a 5.1.1.1 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"853079DC-2990-4700-A69B-7FFC6E7175E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB975E01-9B08-4D7F-BE4F-24DCC0E8A05D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B08CBB-4A15-4125-A8FA-6F64655A0BA0\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21655377\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/63642\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/87818\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21655377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/63642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/87818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2014-AVI-094

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans IBM Content Navigator. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM Content Navigator versions 2.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21665361 du 27 février 2014	None	vendor-advisory
Bulletin de sécurité IBM swg21665360 du 27 février 2014	None	vendor-advisory
Bulletin de sécurité IBM swg21665358 du 27 février 2014	None	vendor-advisory
Bulletin de sécurité IBM swg21665362 du 27 février 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM Content Navigator versions 2.x\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5442"
    },
    {
      "name": "CVE-2013-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5879"
    },
    {
      "name": "CVE-2014-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0858"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-094",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Content Navigator\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\npolitique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Content Navigator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665361 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665361"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665360 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665360"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665358 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665358"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665362 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665362"
    }
  ]
}

CERTFR-2014-AVI-094

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM Content Navigator versions 2.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21665361 du 27 février 2014	None	vendor-advisory
Bulletin de sécurité IBM swg21665360 du 27 février 2014	None	vendor-advisory
Bulletin de sécurité IBM swg21665358 du 27 février 2014	None	vendor-advisory
Bulletin de sécurité IBM swg21665362 du 27 février 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM Content Navigator versions 2.x\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5442"
    },
    {
      "name": "CVE-2013-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5879"
    },
    {
      "name": "CVE-2014-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0858"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-094",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Content Navigator\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\npolitique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Content Navigator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665361 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665361"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665360 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665360"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665358 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665358"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21665362 du 27 f\u00e9vrier 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21665362"
    }
  ]
}

FKIE_CVE-2013-5442

Vulnerability from fkie_nvd - Published: 2013-11-13 15:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21655377	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/63642
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/87818
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21655377	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/63642
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87818

Impacted products

Vendor	Product	Version
ibm	security_network_protection_firmware	5.1
ibm	security_network_protection_firmware	5.1.1
ibm	security_network_protection_xgs_5100	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "853079DC-2990-4700-A69B-7FFC6E7175E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB975E01-9B08-4D7F-BE4F-24DCC0E8A05D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B08CBB-4A15-4125-A8FA-6F64655A0BA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Local Management Interface (LMI) de dispositivos IBM Security Network Protection en XGS 5100 con firmware 5.1 anterior a la versi\u00f3n 5.1.0.6 y 5.1.1 anterior a 5.1.1.1 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2013-5442",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-13T15:55:03.643",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/63642"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/63642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201311-0157

Vulnerability from variot - Updated: 2023-12-18 12:58

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM Security Network Protection is a device of the IBM Security Intrusion Prevention product portfolio. An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The system can monitor application usage, website access and operation execution within the network to avoid threats such as malware and botnets

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0157",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network protection xgs 5100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "security network protection",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network protection xgs 5100",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.0.6"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5.1.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM",
    "sources": [
      {
        "db": "BID",
        "id": "63642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5442",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-5442",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-14452",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-65444",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5442",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-14452",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-132",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65444",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM Security Network Protection is a device of the IBM Security Intrusion Prevention product portfolio. \nAn attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The system can monitor application usage, website access and operation execution within the network to avoid threats such as malware and botnets",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "BID",
        "id": "63642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5442",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "63642",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "55609",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "87818",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "20135442",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "db": "BID",
        "id": "63642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "id": "VAR-201311-0157",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      }
    ],
    "trust": 0.94090908
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:58:05.605000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1655377",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
      },
      {
        "title": "\\302\\240\\302\\240\\302\\240\\302\\240\\302\\240Patch for IBM Security Network Protection XGS 5100 Local Management Interface Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/41079"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/63642"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5442"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5442"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/55609/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21655377"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/87818"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "db": "BID",
        "id": "63642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "date": "2013-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "date": "2013-11-08T00:00:00",
        "db": "BID",
        "id": "63642"
      },
      {
        "date": "2013-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "date": "2013-11-13T15:55:03.643000",
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "date": "2013-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14452"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65444"
      },
      {
        "date": "2014-04-02T01:07:00",
        "db": "BID",
        "id": "63642"
      },
      {
        "date": "2013-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      },
      {
        "date": "2017-08-29T01:33:47.247000",
        "db": "NVD",
        "id": "CVE-2013-5442"
      },
      {
        "date": "2013-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XGS 5100 Run on  IBM Security Network Protection Firmware cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005102"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-132"
      }
    ],
    "trust": 0.6
  }
}

GHSA-CWW7-3WJR-4G2Q

Vulnerability from github – Published: 2022-05-17 01:31 – Updated: 2022-05-17 01:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-11-13T15:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-cww7-3wjr-4g2q",
  "modified": "2022-05-17T01:31:47Z",
  "published": "2022-05-17T01:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5442"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/63642"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-5442

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5442

Aliases

CVE-2013-5442

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5442",
    "description": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2013-5442"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5442"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2013-5442",
      "modified": "2023-12-13T01:22:22.199902Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2013-5442",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ibm-xgs-cve20135442-xss(87818)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
          },
          {
            "name": "63642",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/63642"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5442"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
            },
            {
              "name": "63642",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/63642"
            },
            {
              "name": "ibm-xgs-cve20135442-xss(87818)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:33Z",
      "publishedDate": "2013-11-13T15:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5442 (GCVE-0-2013-5442)

CERTFR-2014-AVI-094

Solution

CERTFR-2014-AVI-094

Solution

FKIE_CVE-2013-5442

VAR-201311-0157

GHSA-CWW7-3WJR-4G2Q

GSD-2013-5442

Tags

Sightings

Nomenclature