CVE-2013-0505

Name of the Vulnerable Software and Affected Versions IBM Sterling Order Management versions 8.0 through 8.0 before HF127 IBM Sterling Order Management versions 8.5 through 8.5 before HF89 IBM Sterling Order Management versions 9.0 through 9.0 before HF69 IBM Sterling Order Management versions 9.1.0 through 9.1.0 before FP41 IBM Sterling Order Management versions 9.2.0 through 9.2.0 before FP13

Description The issue allows remote authenticated users to conduct XPath injection attacks and read arbitrary XML files via unspecified vectors.

Recommendations For IBM Sterling Order Management version 8.0, update to HF127 or later. For IBM Sterling Order Management version 8.5, update to HF89 or later. For IBM Sterling Order Management version 9.0, update to HF69 or later. For IBM Sterling Order Management version 9.1.0, update to FP41 or later. For IBM Sterling Order Management version 9.2.0, update to FP13 or later.