PT-2013-2385 · Ibm · Ibm Websphere Datapower Appliances
Published
2013-05-28
·
Updated
2017-08-29
·
CVE-2013-0499
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere DataPower SOA appliances versions 3.8.2 through 5.0.0
Description
A cross-site scripting (XSS) issue exists in the echo functionality, allowing remote attackers to inject arbitrary web script or HTML via a SOAP message. This affects various services, including the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
Recommendations
For versions 3.8.2 through 5.0.0, consider disabling the echo functionality in the affected services until a patch is available. Restrict access to the XML Firewall, MPGW, Web Service Proxy, and Web Token services to minimize the risk of exploitation. Avoid using the echo functionality in SOAP messages until the issue is resolved.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Datapower Appliances