Title: ====== IBM Advanced Management Module Cross-Site Scripting (XSS) CVE-ID: ======= CVE-2013-4007 Timeline: ========= 2013-06-10 Vulnerability discovered 2013-06-10 Reported to IBM Product Security Incident Response Team 2013-06-11 Vendor responded 2013-08-12 Official advisory and fix from IBM 2013-08-12 Public disclosure Introduction: ============= Cross-Site Scripting (XSS) vulnerability is found in adv_sw.php page of IBM Advanced Management Module. Status: ======= Published Affected Products: ================== IBM Advanced Management Module with firmware BPET64B (3.64B) Vendor Advisory: ================ http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491 Details: ======== A remote attacker could exploit this vulnerability to execute a script in a victim's web browser within the security context of the hosting web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. This attack does require that the user clicking the vulnerable link be authenticated with a valid user ID and password. Proof of Concept: ================= http://ibm-amm-ip/private/adv_sw.php?WEBINDEX=<XSS> Fix: ==== The vulnerability is fixed in firmware v3.64G [BPET64G] Update Portal: http://www-933.ibm.com/support/fixcentral/ Author: ======= Jens Regel <jens[at]loxiran[dot]de> -- Jabber: loxiran@jabber.ccc.de ICQ: 19090972 Mail: jens@loxiran.de