CVE-2013-0499

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware; Websphere Datapower Xc10 Appliance
Vendor: CVE Published:; 28 May 2013

Summary

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/82221

vdb-entryx_refsource_XF

http://seclists.org/bugtraq/2013/May/83

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 28, 2013
Vulnerability Reserved
Dec 16, 2012