CVE-2013-0548: XSS
First published: Fri Jun 21 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Monitoring | =6.2.0 | |
| IBM Tivoli Monitoring | =6.2.0.1 | |
| IBM Tivoli Monitoring | =6.2.0.2 | |
| IBM Tivoli Monitoring | =6.2.0.3 | |
| IBM Tivoli Monitoring | =6.2.1 | |
| IBM Tivoli Monitoring | =6.2.1.1 | |
| IBM Tivoli Monitoring | =6.2.1.2 | |
| IBM Tivoli Monitoring | =6.2.1.3 | |
| IBM Tivoli Monitoring | =6.2.1.4 | |
| IBM Tivoli Monitoring | =6.2.2 | |
| IBM Tivoli Monitoring | =6.2.2.1 | |
| IBM Tivoli Monitoring | =6.2.2.2 | |
| IBM Tivoli Monitoring | =6.2.2.3 | |
| IBM Tivoli Monitoring | =6.2.2.4 | |
| IBM Tivoli Monitoring | =6.2.2.5 | |
| IBM Tivoli Monitoring | =6.2.2.6 | |
| IBM Tivoli Monitoring | =6.2.2.7 | |
| IBM Tivoli Monitoring | =6.2.2.8 | |
| IBM Tivoli Monitoring | =6.2.2.9 | |
| IBM Tivoli Monitoring | =6.2.3 | |
| IBM Tivoli Monitoring | =6.2.3.1 | |
| IBM Tivoli Monitoring | =6.2.3.2 | |
| IBM Application Manager for Smart Business | =1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116
- http://www-01.ibm.com/support/docview.wss?uid=swg21635080
- http://www-01.ibm.com/support/docview.wss?uid=swg21640752
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82767
Frequently Asked Questions
What is the severity of CVE-2013-0548?
The severity of CVE-2013-0548 is categorized as medium risk due to the potential for cross-site scripting attacks.
How do I fix CVE-2013-0548?
To fix CVE-2013-0548, you should apply the latest updates or patches provided by IBM for the affected versions of Tivoli Monitoring.
Which versions of IBM Tivoli Monitoring are affected by CVE-2013-0548?
CVE-2013-0548 affects IBM Tivoli Monitoring versions 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3.
What kind of vulnerabilities does CVE-2013-0548 involve?
CVE-2013-0548 involves multiple cross-site scripting (XSS) vulnerabilities.
Is there a workaround for CVE-2013-0548 if I cannot patch immediately?
A possible workaround for CVE-2013-0548 is to disable certain functionalities of the Basic Services component until the patch is applied.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm tivoli monitoring
- version/ibm tivoli monitoring/6.2.0
- version/ibm tivoli monitoring/6.2.0.1
- version/ibm tivoli monitoring/6.2.0.2
- version/ibm tivoli monitoring/6.2.0.3
- version/ibm tivoli monitoring/6.2.1
- version/ibm tivoli monitoring/6.2.1.1
- version/ibm tivoli monitoring/6.2.1.2
- version/ibm tivoli monitoring/6.2.1.3
- version/ibm tivoli monitoring/6.2.1.4
- version/ibm tivoli monitoring/6.2.2
- version/ibm tivoli monitoring/6.2.2.1
- version/ibm tivoli monitoring/6.2.2.2
- version/ibm tivoli monitoring/6.2.2.3
- version/ibm tivoli monitoring/6.2.2.4
- version/ibm tivoli monitoring/6.2.2.5
- version/ibm tivoli monitoring/6.2.2.6
- version/ibm tivoli monitoring/6.2.2.7
- version/ibm tivoli monitoring/6.2.2.8
- version/ibm tivoli monitoring/6.2.2.9
- version/ibm tivoli monitoring/6.2.3
- version/ibm tivoli monitoring/6.2.3.1
- version/ibm tivoli monitoring/6.2.3.2
- canonical/ibm application manager for smart business
- version/ibm application manager for smart business/1.2.1