CVE-2013-0505

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Selling And Fulfillment Foundation; Sterling Multi-channel Fulfillment Solution
Vendor: CVE Published:; 19 March 2013

Summary

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82339

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21631302

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 19, 2013
Vulnerability Reserved
Dec 16, 2012