CVE-2013-0518

EPSS 0.2%
Published 10.05.2013 11:42:29
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Sterling Secure Proxy Version3.2.0.0

Ibm ≫ Sterling Secure Proxy Version3.3.0.1

Ibm ≫ Sterling Secure Proxy Version3.4.0.0

Ibm ≫ Sterling Secure Proxy Version3.4.1.0

Ibm ≫ Sterling Secure Proxy Version3.4.1.2

Ibm ≫ Sterling Secure Proxy Version3.4.1.5

Ibm ≫ Sterling Secure Proxy Version3.4.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.385

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www-01.ibm.com/support/docview.wss?uid=swg21636369

https://exchange.xforce.ibmcloud.com/vulnerabilities/83128

https://nvd.nist.gov/vuln/detail/CVE-2013-0518

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0518

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0518

EUVD