{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"}, {"name": "was-datapower-echo-xss(82221)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"}, {"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2013/May/83"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2013-0499", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"}, {"name": "was-datapower-echo-xss(82221)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"}, {"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/May/83"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:10.355Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"}, {"name": "was-datapower-echo-xss(82221)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"}, {"name": "20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2013/May/83"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0499", "datePublished": "2013-05-28T16:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:25:10.355Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "52EF1C54-93CD-4B24-B553-0959A3816849", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "91AC9EFB-90F4-4608-9C36-CDE03234CE34", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE42F365-E83B-4DA8-B84A-E81F77CC63B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D25888C5-0200-4124-AE4F-D1989B9D0943", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB499F52-5A18-40F9-A63A-A7C0E2A79D2D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "50016031-DAFB-420A-BC46-66C8D89681F4", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C8DC137A-40F9-4E81-AE46-D1A512533FD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E83E70F-AB49-43F7-A873-A1C6B5429E1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "68324EA4-89EA-4752-B39D-DA13B7FC39A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "85315EC4-FCAF-44CC-8BF9-C85CAD3637BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF697743-6F1C-4C98-9EA2-E1EE1E7963CB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45_virtual_edition:-:*:*:*:*:*:*:*", "matchCriteriaId": "0434DBE4-7EE5-4A9D-AB44-02DC114BBD55", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6BEC2F83-9C7F-44D9-A75B-BC5CDBCD61D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C1AE21E-2D17-44F9-A116-4A162DEA8F60", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11817A12-ED84-4EF4-97CF-F8EB95F7196A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F0B9D60E-8218-4A58-9DD3-CF4D8AEF7914", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7D77730-2F0E-4046-942F-ACDCF4C16439", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C6AC122-7C0B-42B3-B9FB-1E1F4E3C31FF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9EBDAA7-4D20-4328-A4D7-19C5493A9EDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5586C7C0-315B-4F3E-921B-30260A5A6238", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5ED9C5A0-274C-4CAF-84E2-3A59B48C890C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "126DDB17-7D0A-426C-9CC2-EFED785E8CDC", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED6E2091-AEC2-43FD-A5D3-B6F805C95CD7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8E7E192-0494-498C-BF20-7C2AF3102D0B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2346457F-39BA-407E-8451-D44FB947757E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A592E7D9-B5B8-45DD-AAF0-E380F7511AA4", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A570957F-5B26-46FD-B51B-E90C96EB4168", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "04EFE5AD-4652-4254-8AE9-D06F3453A808", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD176549-564F-49E8-9FDA-F4C263E5817F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52:-:*:*:*:*:*:*:*", "matchCriteriaId": "137D5F48-9118-4C2D-941A-8AEB48567443", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB95DC9D-D74B-45E1-AFB0-80F7A1F46FA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0833251B-E8A5-4E4A-B7CC-700E205509FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD789CDF-5F99-4FD3-ADE2-36297310EADA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF02EAA9-1CDA-4C8C-AF34-E133AA3497D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E6B0888-C558-48EF-9C1B-4E169ECC70AD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi50:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EBB66F8-B497-404C-813A-A40E853054D6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "357A5629-DF00-483B-BD8F-CCD05CF8CFA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "122283E7-E514-4ED7-9529-A75CF236855B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "716DBA1D-16EE-4E87-BA6B-A444981392BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "513606F6-9E5C-45E9-86AE-332F1EDC06D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "390A7634-FDD9-4FB9-8641-31AB41168E85", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_b2b_appliance_xb62:-:*:*:*:*:*:*:*", "matchCriteriaId": "5257F9FA-F807-4D15-BF7C-8A9531619A50", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad echo en dispositivos SOA WebSphere DataPower de IBM con la versi\u00f3n de firmware 3.8.2, 4.0, 4.0.1, 4.0.2 y 5.0.0, permite a los atacantes remotos inyectar script web o HTML arbitrarios por medio de un mensaje SOAP, como es demostrado por los servicios Firewall XML, Multi Protocol Gateway (MPGW), Proxy de servicio web y Token web."}], "id": "CVE-2013-0499", "lastModified": "2024-11-21T01:47:41.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-05-28T16:55:01.133", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "http://seclists.org/bugtraq/2013/May/83"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/bugtraq/2013/May/83"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637717"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82221"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}