CVE-2013-0505

EPSS 0.17%
Published 19.03.2013 18:55:03
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Sterling Multi-channel Fulfillment Solution Version8.0

Ibm ≫ Sterling Selling And Fulfillment Foundation Version8.5

Ibm ≫ Sterling Selling And Fulfillment Foundation Version9.0

Ibm ≫ Sterling Selling And Fulfillment Foundation Version9.1.0

Ibm ≫ Sterling Selling And Fulfillment Foundation Version9.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.355

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571

http://www-01.ibm.com/support/docview.wss?uid=swg21631302

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/82339

https://nvd.nist.gov/vuln/detail/CVE-2013-0505

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0505

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0505

EUVD