← Back

CVE-2013-0505

nvd nist
Published: Mar 19, 2013Modified: Apr 29, 2026

JSON object

Loading...
5.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:N
Exploitability: 8.0 / Impact: 4.9
Source: NVD

Description

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

Affected (5)

Ibm
2 products
Sterling Multi Channel Fulfillment Solution
Sterling Selling And Fulfillment Foundation
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Sterling Multi Channel Fulfillment Solution
Version 8.0
Ibm
Sterling Selling And Fulfillment Foundation
Version 8.5
Sterling Selling And Fulfillment Foundation
Version 9.0
Sterling Selling And Fulfillment Foundation
Version 9.1.0
Sterling Selling And Fulfillment Foundation
Version 9.2.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.