CVE-2013-1614

EPSS 0.35%
Published 08.07.2013 17:55:02
Last modified 11.04.2025 00:51:21
Source secure@symantec.com
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Security Information Manager Version4.7.0

Symantec ≫ Security Information Manager Version4.7.1

Symantec ≫ Security Information Manager Version4.7.2

Symantec ≫ Security Information Manager Version4.7.3

Symantec ≫ Security Information Manager Version4.7.4

Symantec ≫ Security Information Manager Version4.8.0

Symantec ≫ Security Information Manager Appliance Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.543

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00

Vendor Advisory

http://www.securityfocus.com/bid/60797

https://nvd.nist.gov/vuln/detail/CVE-2013-1614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1614

EUVD