CVE-2013-0505

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:sterling_multi-channel_fulfillment_solution:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:47

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571 - () http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21631302 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21631302 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/82339 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/82339 -

Information

Published : 2013-03-19 18:55

Updated : 2024-11-21 01:47


NVD link : CVE-2013-0505

Mitre link : CVE-2013-0505

CVE.ORG link : CVE-2013-0505


JSON object : View

Products Affected

ibm

  • sterling_selling_and_fulfillment_foundation
  • sterling_multi-channel_fulfillment_solution
CWE
CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor