CVE-2013-0499

Name of the Vulnerable Software and Affected Versions IBM WebSphere DataPower SOA appliances versions 3.8.2 through 5.0.0

Description A cross-site scripting (XSS) issue exists in the echo functionality, allowing remote attackers to inject arbitrary web script or HTML via a SOAP message. This affects various services, including the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

Recommendations For versions 3.8.2 through 5.0.0, consider disabling the echo functionality in the affected services until a patch is available. Restrict access to the XML Firewall, MPGW, Web Service Proxy, and Web Token services to minimize the risk of exploitation. Avoid using the echo functionality in SOAP messages until the issue is resolved.