CVE-2013-0499: XSS
First published: Tue May 28 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Websphere Datapower Xc10 Appliance Firmware | =3.8.2 | |
| Ibm Websphere Datapower Xc10 Appliance Firmware | =4.0 | |
| Ibm Websphere Datapower Xc10 Appliance Firmware | =4.0.1 | |
| Ibm Websphere Datapower Xc10 Appliance Firmware | =4.0.2 | |
| Ibm Websphere Datapower Xc10 Appliance Firmware | =5.0.0 | |
| IBM WebSphere DataPower XC10 Appliance | ||
| Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware | =3.8.2 | |
| Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware | =4.0 | |
| Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware | =4.0.1 | |
| Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware | =4.0.2 | |
| Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware | =5.0.0 | |
| Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition | ||
| Ibm Websphere Datapower Service Gateway Xg45 Firmware | =3.8.2 | |
| Ibm Websphere Datapower Service Gateway Xg45 Firmware | =4.0 | |
| Ibm Websphere Datapower Service Gateway Xg45 Firmware | =4.0.1 | |
| Ibm Websphere Datapower Service Gateway Xg45 Firmware | =4.0.2 | |
| Ibm Websphere Datapower Service Gateway Xg45 Firmware | =5.0.0 | |
| Ibm Websphere Datapower Service Gateway Xg45 | ||
| Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware | =3.8.2 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware | =4.0 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware | =4.0.1 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware | =4.0.2 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware | =5.0.0 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition | ||
| Ibm Websphere Datapower Integration Appliance Xi52 Firmware | =3.8.2 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Firmware | =4.0 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Firmware | =4.0.1 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Firmware | =4.0.2 | |
| Ibm Websphere Datapower Integration Appliance Xi52 Firmware | =5.0.0 | |
| Ibm Websphere Datapower Integration Appliance Xi52 | ||
| Ibm Websphere Datapower Integration Appliance Xi50 Firmware | =3.8.2 | |
| Ibm Websphere Datapower Integration Appliance Xi50 Firmware | =4.0 | |
| Ibm Websphere Datapower Integration Appliance Xi50 Firmware | =4.0.1 | |
| Ibm Websphere Datapower Integration Appliance Xi50 Firmware | =4.0.2 | |
| Ibm Websphere Datapower Integration Appliance Xi50 Firmware | =5.0.0 | |
| Ibm Websphere Datapower Integration Appliance Xi50 | ||
| Ibm Websphere Datapower B2b Appliance Xb62 Firmware | =3.8.2 | |
| Ibm Websphere Datapower B2b Appliance Xb62 Firmware | =4.0 | |
| Ibm Websphere Datapower B2b Appliance Xb62 Firmware | =4.0.1 | |
| Ibm Websphere Datapower B2b Appliance Xb62 Firmware | =4.0.2 | |
| Ibm Websphere Datapower B2b Appliance Xb62 Firmware | =5.0.0 | |
| Ibm Websphere Datapower B2b Appliance Xb62 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/ibm
- canonical/ibm websphere datapower xc10 appliance firmware
- version/ibm websphere datapower xc10 appliance firmware/3.8.2
- version/ibm websphere datapower xc10 appliance firmware/4.0
- version/ibm websphere datapower xc10 appliance firmware/4.0.1
- version/ibm websphere datapower xc10 appliance firmware/4.0.2
- version/ibm websphere datapower xc10 appliance firmware/5.0.0
- canonical/ibm websphere datapower xc10 appliance
- canonical/ibm websphere datapower service gateway xg45 virtual edition firmware
- version/ibm websphere datapower service gateway xg45 virtual edition firmware/3.8.2
- version/ibm websphere datapower service gateway xg45 virtual edition firmware/4.0
- version/ibm websphere datapower service gateway xg45 virtual edition firmware/4.0.1
- version/ibm websphere datapower service gateway xg45 virtual edition firmware/4.0.2
- version/ibm websphere datapower service gateway xg45 virtual edition firmware/5.0.0
- canonical/ibm websphere datapower service gateway xg45 virtual edition
- canonical/ibm websphere datapower service gateway xg45 firmware
- version/ibm websphere datapower service gateway xg45 firmware/3.8.2
- version/ibm websphere datapower service gateway xg45 firmware/4.0
- version/ibm websphere datapower service gateway xg45 firmware/4.0.1
- version/ibm websphere datapower service gateway xg45 firmware/4.0.2
- version/ibm websphere datapower service gateway xg45 firmware/5.0.0
- canonical/ibm websphere datapower service gateway xg45
- canonical/ibm websphere datapower integration appliance xi52 virtual edition firmware
- version/ibm websphere datapower integration appliance xi52 virtual edition firmware/3.8.2
- version/ibm websphere datapower integration appliance xi52 virtual edition firmware/4.0
- version/ibm websphere datapower integration appliance xi52 virtual edition firmware/4.0.1
- version/ibm websphere datapower integration appliance xi52 virtual edition firmware/4.0.2
- version/ibm websphere datapower integration appliance xi52 virtual edition firmware/5.0.0
- canonical/ibm websphere datapower integration appliance xi52 virtual edition
- canonical/ibm websphere datapower integration appliance xi52 firmware
- version/ibm websphere datapower integration appliance xi52 firmware/3.8.2
- version/ibm websphere datapower integration appliance xi52 firmware/4.0
- version/ibm websphere datapower integration appliance xi52 firmware/4.0.1
- version/ibm websphere datapower integration appliance xi52 firmware/4.0.2
- version/ibm websphere datapower integration appliance xi52 firmware/5.0.0
- canonical/ibm websphere datapower integration appliance xi52
- canonical/ibm websphere datapower integration appliance xi50 firmware
- version/ibm websphere datapower integration appliance xi50 firmware/3.8.2
- version/ibm websphere datapower integration appliance xi50 firmware/4.0
- version/ibm websphere datapower integration appliance xi50 firmware/4.0.1
- version/ibm websphere datapower integration appliance xi50 firmware/4.0.2
- version/ibm websphere datapower integration appliance xi50 firmware/5.0.0
- canonical/ibm websphere datapower integration appliance xi50
- canonical/ibm websphere datapower b2b appliance xb62 firmware
- version/ibm websphere datapower b2b appliance xb62 firmware/3.8.2
- version/ibm websphere datapower b2b appliance xb62 firmware/4.0
- version/ibm websphere datapower b2b appliance xb62 firmware/4.0.1
- version/ibm websphere datapower b2b appliance xb62 firmware/4.0.2
- version/ibm websphere datapower b2b appliance xb62 firmware/5.0.0
- canonical/ibm websphere datapower b2b appliance xb62