CVE-2013-0499
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
Affected (42)
Products: Ibm: Websphere Datapower Xc10 Appliance Firmware, Websphere Datapower Xc10 Appliance, Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware, Websphere Datapower Service Gateway Xg45 Virtual Edition, Websphere Datapower Service Gateway Xg45 Firmware, Websphere Datapower Service Gateway Xg45, Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware, Websphere Datapower Integration Appliance Xi52 Virtual Edition, Websphere Datapower Integration Appliance Xi52 Firmware, Websphere Datapower Integration Appliance Xi52, Websphere Datapower Integration Appliance Xi50 Firmware, Websphere Datapower Integration Appliance Xi50, Websphere Datapower B2b Appliance Xb62 Firmware, Websphere Datapower B2b Appliance Xb62
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.8.2 | |
| All versions |
References (8)
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Timeline
No history available yet.