PT-2013-2391 · Ibm · Ibm Sterling Order Management

Published

2013-03-19

·

Updated

2017-08-29

·

CVE-2013-0505

CVSS v2.0

5.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM Sterling Order Management versions 8.0 through 8.0 before HF127 IBM Sterling Order Management versions 8.5 through 8.5 before HF89 IBM Sterling Order Management versions 9.0 through 9.0 before HF69 IBM Sterling Order Management versions 9.1.0 through 9.1.0 before FP41 IBM Sterling Order Management versions 9.2.0 through 9.2.0 before FP13
Description The issue allows remote authenticated users to conduct XPath injection attacks and read arbitrary XML files via unspecified vectors.
Recommendations For IBM Sterling Order Management version 8.0, update to HF127 or later. For IBM Sterling Order Management version 8.5, update to HF89 or later. For IBM Sterling Order Management version 9.0, update to HF69 or later. For IBM Sterling Order Management version 9.1.0, update to FP41 or later. For IBM Sterling Order Management version 9.2.0, update to FP13 or later.

Fix

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-200

Related Identifiers

CVE-2013-0505

Affected Products

Ibm Sterling Order Management