Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-0499

Опубликовано: 28 мая 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45_virtual_edition:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi50:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

Одно из

cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:websphere_datapower_b2b_appliance_xb62:-:*:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.00256
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-r4rq-634f-573c

github
почти 4 года назад

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

EPSS

Процентиль: 49%
0.00256
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79