CVE-2013-0505

CWE-20 — Improper Input Validation CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 61.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Multi-channel Fulfillment Solution IBM Sterling Selling AND Fulfillment Foundation

Timeline

PublishedMar 19

Latest updateMay 5

Description

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages2 packages

▶NVDibm/sterling_multi-channel_fulfillment_solution8.0

▶NVDibm/sterling_selling_and_fulfillment_foundation4 versions+3

🔴Vulnerability Details

GHSA

GHSA-9789-3997-xv2g: IBM Sterling Order Management 8↗2022-05-05

▶

CVEList

CVE-2013-0505: IBM Sterling Order Management 8↗2013-03-19

▶