CVE-2013-5442

{"id": "CVE-2013-5442", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-11-13T15:55:03.643", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/63642", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/63642", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de XSS en Local Management Interface (LMI) de dispositivos IBM Security Network Protection en XGS 5100 con firmware 5.1 anterior a la versi\u00f3n 5.1.0.6 y 5.1.1 anterior a 5.1.1.1 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar."}], "lastModified": "2024-11-21T01:57:28.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "853079DC-2990-4700-A69B-7FFC6E7175E7"}, {"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB975E01-9B08-4D7F-BE4F-24DCC0E8A05D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2B08CBB-4A15-4125-A8FA-6F64655A0BA0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}