Vulnerability Details: CVE-2013-4059
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2013-4059
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 %
CVSS scores for CVE-2013-4059
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2013-4059
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86548
  IBM Infosphere Information Server cross-site scripting CVE-2013-4059 Vulnerability Report
- http://www.securityfocus.com/bid/66151
  IBM InfoSphere Information Server CVE-2013-4059 Cross Site Scripting Vulnerability
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206
  IBM JR49206: Web UI vulnerabilities could lead to phishing attacks
- http://www-01.ibm.com/support/docview.wss?uid=swg21666684
  IBM Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059) (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200
  IBM JR49200: Web UI vulnerabilities could lead to blind SQL injection attacks
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815
  IBM JR48815: XML PACK VULNERABILITIES THAT COULD LEAD TO PHISHING ATTACKS
Products affected by CVE-2013-4059
- cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:8.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server:9.1.2:*:*:*:*:*:*:*