Security Bulletin
Summary
A Cross-Site Scripting (XSS) vulnerability was found in the adv_sw.php page of the IBM Advanced Management Module.
Vulnerability Details
Abstract
A Cross-Site Scripting (XSS) vulnerability was found in the adv_sw.php page of the IBM Advanced Management Module.
Vulnerability Details:
CVE ID: CVE-2013-4007
Description:
A remote attacker could exploit this vulnerability to execute a
script in a victim's web browser within the security context of the
hosting web site, once the URL is clicked. An attacker could use
this vulnerability to steal the victim's cookie-based
authentication credentials. This attack does require that the user
clicking the vulnerable link be authenticated with a valid user ID
and password.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85274
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Affected Products:
AMM FW versions before BPET64G, BBET64G
Remediation:
The recommended solution is to apply the fix to all previous
versions as soon as practical. Please see below for information on
the fixes available.
Fix:
Update AMM firmware version to BPET64G and BBET64G. Firmware can
be downloaded from IBM Fix Central.
Workaround(s) & Mitigation(s):
None
References:
Complete CVSS Guide
On-line Calculator V2
CVE-2013-4007
http://xforce.iss.net/xforce/xfdb/85274
Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
IBM Fix Central
Acknowledgement:
This vulnerability was reported to IBM by Jens Regel of
Schneider & Wulf EVD-Beratung.
Change History:
12 August 2013: Original copy published
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Document Information
Modified date: 18 April 2023
UID: ibm1MIGR-5093491