CVE-2013-0518

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
https://exchange.xforce.ibmcloud.com/vulnerabilities/83128
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
https://exchange.xforce.ibmcloud.com/vulnerabilities/83128

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:sterling_secure_proxy:3.2.0.0:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.3.0.1:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.0.0:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.0:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.2:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.5:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.6:::::::*

History

21 Nov 2024, 01:47

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21636369 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21636369 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/83128 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/83128 -

Information

Published : 2013-05-10 11:42

Updated : 2024-11-21 01:47

NVD link : CVE-2013-0518

Mitre link : CVE-2013-0518

CVE.ORG link : CVE-2013-0518

JSON object : View

Products Affected

ibm

sterling_secure_proxy

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-0518", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-05-10T11:42:29.790", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83128", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83128", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."}, {"lang": "es", "value": "IBM Sterling Secure Proxy v3.2.0 y v3.3.01 anterior a v3.3.01.23 Interim Fix 1, v3.4.0 anterior a v3.4.0.6 Interim Fix 1, y v3.4.1 anterior a v3.4.1.7 no rechaza ser mostrada en marcos de diferentes or\u00edgenes, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos el realizar ataques de clickjacking a trav\u00e9s de un sitio web modificado."}], "lastModified": "2024-11-21T01:47:43.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76FE7EA7-FDF8-455D-B7B0-E16B0351AC4B"}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B250B238-B5F7-4BD8-925F-A56FE09E7D38"}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB04C5D8-4791-480F-9B94-F9AF50261EE2"}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46AF20EF-6C11-4838-9916-99BEEAF90384"}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA2E914D-19F8-4014-B20E-67A2B880F5AE"}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC7085CC-C810-4360-8374-59A6B3E13F66"}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810C1644-6E69-413D-8AB8-C4CC45DC93DE"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}