CVE-2013-4492 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
I18n Project	I18n
Redhat	Cloudforms Managementengine

Configuration 1 [-]

cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*

Package	CPE	Advisory	Released Date
CloudForms Management Engine 5.4
cfme-0:5.4.0.5-1.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
cfme-gemset-0:5.4.0.5-1.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
cfme-vnc-plugin-0:1.0.0-2.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
libdnet-0:1.12-11.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
lshw-0:B.02.16-4.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
netapp-manageability-sdk-0:4.0P1-3.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
open-vm-tools-0:9.2.3-5.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
prince-0:9.0r2-4.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
pyliblzma-0:0.5.3-7.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-ffi-0:1.9.8-1.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-io-extra-0:1.2.8-1.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-json-0:1.8.2-2.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-pg-0:0.12.2-9.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-psych-0:2.0.13-1.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
ruby200-rubygem-thin-0:1.3.1-9.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
sneakernet_ca-0:0.1-2.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
wmi-0:1.3.14-1.el6cf	cpe:/a:redhat:cloudforms_managementengine:5::el6	RHBA-2015:1100	2015-06-16T00:00:00Z
CloudForms Management Engine 5.7
cfme-0:5.7.1.3-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.7::el7	RHSA-2017:0320	2017-02-27T00:00:00Z
cfme-appliance-0:5.7.1.3-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.7::el7	RHSA-2017:0320	2017-02-27T00:00:00Z
cfme-gemset-0:5.7.1.3-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.7::el7	RHSA-2017:0320	2017-02-27T00:00:00Z
CloudForms Management Engine 5.9
ansible-0:2.4.3.0-1.el7ae	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
ansible-tower-0:3.1.5-3.el7at	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
bubblewrap-0:0.1.7-1.el7	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
cfme-0:5.9.0.22-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
cfme-amazon-smartstate-0:5.9.0.22-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
cfme-appliance-0:5.9.0.22-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
cfme-gemset-0:5.9.0.22-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
dbus-api-service-0:1.0.1-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
dumb-init-0:1.2.0-1.el7	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
erlang-0:19.0.4-1.el7at	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
freeipmi-0:1.5.1-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
google-compute-engine-0:2.0.0-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
google-config-0:2.0.0-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
httpd-configmap-generator-0:0.2.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
nginx-1:1.10.2-1.el7at	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
postgresql94-0:9.4.15-3PGDG.el7at	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
prince-0:9.0r2-10.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
python-crypto-0:2.6.1-16.el7at	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
python-jmespath-0:0.9.0-4.el7ae	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
python-meld3-0:0.6.10-1.el7	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
python-paramiko-0:2.1.1-2.el7ae	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
qpid-proton-0:0.19.0-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rabbitmq-server-0:3.6.9-1.el7at	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-postgresql95-postgresql-pglogical-0:2.1.0-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-postgresql95-repmgr-0:3.1.3-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-bcrypt-0:3.1.11-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-ffi-0:1.9.18-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-hamlit-0:2.7.5-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-http_parser.rb-0:0.6.0-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-json-0:2.0.4-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-linux_block_device-0:0.2.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-memory_buffer-0:0.1.0-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-nio4r-0:2.1.0-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-nokogiri-0:1.8.1-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-ovirt-engine-sdk4-0:4.2.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-pg-0:0.18.4-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-puma-0:3.7.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-qpid_proton-0:0.19.0-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-redhat_access_cfme-0:2.0.2-2.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-redhat_access_lib-0:1.1.4-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-rugged-0:0.25.1.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-sqlite3-0:1.3.13-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-unf_ext-0:0.0.7.4-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
rh-ruby23-rubygem-websocket-driver-0:0.6.5-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
smem-0:1.4-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
supervisor-0:3.1.4-1.el7	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z
wmi-0:1.3.14-7.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.9::el7	RHSA-2018:0380	2018-03-01T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
http://www.debian.org/security/2013/dsa-2830
http://www.securityfocus.com/bid/64076
https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ
https://nvd.nist.gov/vuln/detail/CVE-2013-4492
https://www.cve.org/CVERecord?id=CVE-2013-4492

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-12-07T00:00:00

Updated: 2024-08-06T16:45:15.048Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4492

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-12-07T00:55:03.663

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-4492

Redhat

Severity : Moderate

Publid Date: 2013-12-04T00:00:00Z

Links: CVE-2013-4492 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:1930", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"}, {"name": "64076", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64076"}, {"name": "[ruby-security-ann] 20131203 [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"}, {"name": "DSA-2830", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2830"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:15.048Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:1930", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"}, {"name": "64076", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64076"}, {"name": "[ruby-security-ann] 20131203 [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"}, {"name": "DSA-2830", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2830"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4492", "datePublished": "2013-12-07T00:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.048Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "84799DFB-FD17-41B2-B8FB-41C86EE3634A", "versionEndIncluding": "0.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call."}, {"lang": "es", "value": "Vulnerabilidad XSS en exceptions.rb en la gema i18n anterior a v0.6.6 para Ruby permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s una llamada manipulada I18n::MissingTranslationData.new."}], "id": "CVE-2013-4492", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-07T00:55:03.663", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2830"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/64076"}, {"source": "secalert@redhat.com", "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"}, {"source": "secalert@redhat.com", "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "cfme-0:5.4.0.5-1.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "cfme-gemset-0:5.4.0.5-1.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "cfme-vnc-plugin-0:1.0.0-2.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "libdnet-0:1.12-11.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "lshw-0:B.02.16-4.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "netapp-manageability-sdk-0:4.0P1-3.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "open-vm-tools-0:9.2.3-5.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "prince-0:9.0r2-4.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "pyliblzma-0:0.5.3-7.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-json-0:1.8.2-2.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-pg-0:0.12.2-9.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-psych-0:2.0.13-1.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby200-rubygem-thin-0:1.3.1-9.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "sneakernet_ca-0:0.1-2.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHBA-2015:1100", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "wmi-0:1.3.14-1.el6cf", "product_name": "CloudForms Management Engine 5.4", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHSA-2017:0320", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.7::el7", "package": "cfme-0:5.7.1.3-1.el7cf", "product_name": "CloudForms Management Engine 5.7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0320", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.7::el7", "package": "cfme-appliance-0:5.7.1.3-1.el7cf", "product_name": "CloudForms Management Engine 5.7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0320", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.7::el7", "package": "cfme-gemset-0:5.7.1.3-1.el7cf", "product_name": "CloudForms Management Engine 5.7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "ansible-0:2.4.3.0-1.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "ansible-tower-0:3.1.5-3.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "bubblewrap-0:0.1.7-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-amazon-smartstate-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-appliance-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-gemset-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "dbus-api-service-0:1.0.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "dumb-init-0:1.2.0-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "erlang-0:19.0.4-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "freeipmi-0:1.5.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "google-compute-engine-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "google-config-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "httpd-configmap-generator-0:0.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "nginx-1:1.10.2-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "postgresql94-0:9.4.15-3PGDG.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "prince-0:9.0r2-10.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-crypto-0:2.6.1-16.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-jmespath-0:0.9.0-4.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-meld3-0:0.6.10-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-paramiko-0:2.1.1-2.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "qpid-proton-0:0.19.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rabbitmq-server-0:3.6.9-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-postgresql95-postgresql-pglogical-0:2.1.0-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-postgresql95-repmgr-0:3.1.3-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-bcrypt-0:3.1.11-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-ffi-0:1.9.18-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-hamlit-0:2.7.5-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-http_parser.rb-0:0.6.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-json-0:2.0.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-linux_block_device-0:0.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-memory_buffer-0:0.1.0-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-nio4r-0:2.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-nokogiri-0:1.8.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-ovirt-engine-sdk4-0:4.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-pg-0:0.18.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-puma-0:3.7.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-qpid_proton-0:0.19.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-redhat_access_cfme-0:2.0.2-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-redhat_access_lib-0:1.1.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-rugged-0:0.25.1.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-sqlite3-0:1.3.13-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-unf_ext-0:0.0.7.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-websocket-driver-0:0.6.5-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "smem-0:1.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "supervisor-0:3.1.4-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "wmi-0:1.3.14-7.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}], "bugzilla": {"description": "rubygem-i18n: cross-site scripting flaw in exception handling", "id": "1039435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call."], "name": "CVE-2013-4492", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "Red Hat OpenStack Platform 3"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Will not fix", "package_name": "ror40-rubygem-i18n", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2013-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4492\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4492"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object