CVE-2013-5407

Sažetak

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1IC96057
http://www-01.ibm.com/support/docview.wss?uid=swg21657539
https://exchange.xforce.ibmcloud.com/vulnerabilities/87356

CVSS

Base:	4.9
Impact:	4.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

21-12-2013 - 14:22