Published: 28/05/2013 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote malicious users to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere_datapower_xc10_appliance_firmware 3.8.2
ibm websphere_datapower_xc10_appliance_firmware 4.0
ibm websphere_datapower_xc10_appliance_firmware 4.0.1
ibm websphere_datapower_xc10_appliance_firmware 4.0.2
ibm websphere_datapower_xc10_appliance_firmware 5.0.0
ibm websphere_datapower_xc10_appliance -
ibm websphere_datapower_service_gateway_xg45_virtual_edition_firmware 5.0.0
ibm websphere_datapower_service_gateway_xg45_virtual_edition_firmware 4.0.1
ibm websphere_datapower_service_gateway_xg45_virtual_edition_firmware 4.0.2
ibm websphere_datapower_service_gateway_xg45_virtual_edition_firmware 3.8.2
ibm websphere_datapower_service_gateway_xg45_virtual_edition_firmware 4.0
ibm websphere_datapower_service_gateway_xg45_virtual_edition -
ibm websphere_datapower_service_gateway_xg45_firmware 5.0.0
ibm websphere_datapower_service_gateway_xg45_firmware 3.8.2
ibm websphere_datapower_service_gateway_xg45_firmware 4.0.1
ibm websphere_datapower_service_gateway_xg45_firmware 4.0.2
ibm websphere_datapower_service_gateway_xg45_firmware 4.0
ibm websphere_datapower_service_gateway_xg45 -
ibm websphere_datapower_integration_appliance_xi52_virtual_edition_firmware 5.0.0
ibm websphere_datapower_integration_appliance_xi52_virtual_edition_firmware 3.8.2
ibm websphere_datapower_integration_appliance_xi52_virtual_edition_firmware 4.0.1
ibm websphere_datapower_integration_appliance_xi52_virtual_edition_firmware 4.0.2
ibm websphere_datapower_integration_appliance_xi52_virtual_edition_firmware 4.0
ibm websphere_datapower_integration_appliance_xi52_virtual_edition -
ibm websphere_datapower_integration_appliance_xi52_firmware 4.0.2
ibm websphere_datapower_integration_appliance_xi52_firmware 5.0.0
ibm websphere_datapower_integration_appliance_xi52_firmware 4.0
ibm websphere_datapower_integration_appliance_xi52_firmware 4.0.1
ibm websphere_datapower_integration_appliance_xi52_firmware 3.8.2
ibm websphere_datapower_integration_appliance_xi52 -
ibm websphere_datapower_integration_appliance_xi50_firmware 4.0.1
ibm websphere_datapower_integration_appliance_xi50_firmware 4.0.2
ibm websphere_datapower_integration_appliance_xi50_firmware 5.0.0
ibm websphere_datapower_integration_appliance_xi50_firmware 4.0
ibm websphere_datapower_integration_appliance_xi50_firmware 3.8.2
ibm websphere_datapower_integration_appliance_xi50 -
ibm websphere_datapower_b2b_appliance_xb62_firmware 4.0
ibm websphere_datapower_b2b_appliance_xb62_firmware 4.0.1
ibm websphere_datapower_b2b_appliance_xb62_firmware 3.8.2
ibm websphere_datapower_b2b_appliance_xb62_firmware 4.0.2
ibm websphere_datapower_b2b_appliance_xb62_firmware 5.0.0
ibm websphere_datapower_b2b_appliance_xb62 -

CWE-79 http://seclists.org/bugtraq/2013/May/83 http://www-01.ibm.com/support/docview.wss?uid=swg21637717 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/82221 https://nvd.nist.gov

CVE-2013-0499

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect