CVE-2013-0482

3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.6%

top 30.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Message Broker

Timeline

PublishedMay 29

Latest updateMay 5

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/websphere_message_broker10 versions+9

▶NVDibm/websphere_application_server34 versions+33

🔴Vulnerability Details

GHSA

GHSA-fm76-74p2-rjp6: IBM WebSphere Application Server (WAS) 7↗2022-05-05

▶

CVEList

CVE-2013-0482: IBM WebSphere Application Server (WAS) 7↗2013-05-29

▶