Cross-Site Scripting Vulnerability in IBM Sterling Connect:Enterprise
CVE-2013-6327

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Connect Enterprise Http Option
Vendor: CVE Published:; 17 December 2013

Summary

A cross-site scripting vulnerability exists in the HTTP Option of IBM Sterling Connect:Enterprise versions prior to 1.3.0.2 iFix 1 and 1.4.0.0 iFix 1. This flaw enables remote attackers to inject arbitrary web scripts or HTML through undefined vectors, potentially compromising user data and session integrity through cross-frame scripting techniques.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/88908

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21659907

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 17, 2013
Vulnerability Reserved
Oct 31, 2013