CVE-2013-0571

Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS v2.0 2.9 LOW

2.9^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21635328	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/83246

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:application_support_facility:3.4.0:-::::aix::*
	cpe:2.3:a:ibm:application_support_facility:3.4.0:-::::linux_kernel::*
	cpe:2.3:a:ibm:application_support_facility:3.4.0:-::::windows::*
	cpe:2.3:a:ibm:application_support_facility:3.4.0:-::::z\/os::*
	cpe:2.3:a:ibm:document_connect_for_application_support_facility::::::::

History

No history.

Information

Published : 2013-04-27 03:16

Updated : 2024-02-04 18:16

NVD link : CVE-2013-0571

Mitre link : CVE-2013-0571

CVE.ORG link : CVE-2013-0571

JSON object : View

Products Affected

ibm

application_support_facility
document_connect_for_application_support_facility

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-0571", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-04-27T03:16:46.847", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635328", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83246", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en sitios cruzados en IBM Document Connect para Application Support Facility (tambi\u00e9n conocido como DC4ASF) anteriores va1.0.0.1218 en Application Support Facility (ASF) v3.4 para z/OS en Windows, Linux y AIX permite a atacantes remotos a inyectar c\u00f3digo web o HTML a trav\u00e9s de una URL manipulada."}], "lastModified": "2017-08-29T01:33:06.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:aix:*:*", "vulnerable": true, "matchCriteriaId": "7623E17C-E016-4C34-BFF5-835FFCF84B9A"}, {"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:linux_kernel:*:*", "vulnerable": true, "matchCriteriaId": "1935A724-42B2-43B2-92B9-34618235CBDE"}, {"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "65997783-AC40-4E4B-A539-DCE3C4768741"}, {"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:z\\/os:*:*", "vulnerable": true, "matchCriteriaId": "AB26C6CF-F463-4C1D-B108-A5BA788F03BD"}, {"criteria": "cpe:2.3:a:ibm:document_connect_for_application_support_facility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA8AEA0-9FEC-4008-8E8F-8BC425ACFDD2", "versionEndIncluding": "1.0.0.1204"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}