CVE-2013-0518

Published May 10, 2013

Last updated 7 years ago

Overview

Description: IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Source: psirt@us.ibm.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FE7EA7-FDF8-455D-B7B0-E16B0351AC4B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B250B238-B5F7-4BD8-925F-A56FE09E7D38"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB04C5D8-4791-480F-9B94-F9AF50261EE2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46AF20EF-6C11-4838-9916-99BEEAF90384"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA2E914D-19F8-4014-B20E-67A2B880F5AE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC7085CC-C810-4360-8374-59A6B3E13F66"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "810C1644-6E69-413D-8AB8-C4CC45DC93DE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References