CVE-2013-1614

{"id": "CVE-2013-1614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-07-08T17:55:02.863", "references": [{"url": "http://www.securityfocus.com/bid/60797", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}, {"url": "http://www.securityfocus.com/bid/60797", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la consola de gesti\u00f3n de Java (tamb\u00eden conocida como Java console) en el componente \r\nSymantec Security Information Manager (SSIM) v4.7.x y v4.8.x anteriores a v4.8.1 permite a atacantes remotos ejecutar comandos web o HTML mediante vectores no especificados."}], "lastModified": "2024-11-21T01:50:00.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:security_information_manager:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "967A396D-A201-4CDC-8195-B242B7C09896"}, {"criteria": "cpe:2.3:a:symantec:security_information_manager:4.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA39F2EB-A426-4E16-AC82-0B2024E2755F"}, {"criteria": "cpe:2.3:a:symantec:security_information_manager:4.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEA47E86-6722-4812-9323-B9158B263A4E"}, {"criteria": "cpe:2.3:a:symantec:security_information_manager:4.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C90F6954-C28D-4F03-AF53-ED0B38056828"}, {"criteria": "cpe:2.3:a:symantec:security_information_manager:4.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DA66B6A-D6CE-4C47-9B2A-8F2C53BDD40C"}, {"criteria": "cpe:2.3:a:symantec:security_information_manager:4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CDD7629-C998-4B8F-B424-4093B671E961"}, {"criteria": "cpe:2.3:h:symantec:security_information_manager_appliance:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768F8400-0E0C-4A5D-8E70-F231C6A400C3"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}