CVE-2013-0466

Published Feb 20, 2013

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message.
Source: psirt@us.ibm.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "240F8B7E-D5F2-4450-97D2-45A4E427170D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F76DCB43-6AFF-4C58-B646-423A6CECCA14"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BC76D23-2211-40D8-8115-382BD7BA6ABD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD879AA3-9887-4C8F-BEDB-50A39D193C4C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA01CDC5-5725-460F-9DAD-B7F8094FAA69"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DF45543-2C8E-414B-AB66-10D4B59DDF5C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References