IBM Advanced Management Module Cross-Site Scripting (XSS)

2013.08.13
Credit: Jens Regel
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Title: ====== IBM Advanced Management Module Cross-Site Scripting (XSS) CVE-ID: ======= CVE-2013-4007 Timeline: ========= 2013-06-10 Vulnerability discovered 2013-06-10 Reported to IBM Product Security Incident Response Team 2013-06-11 Vendor responded 2013-08-12 Official advisory and fix from IBM 2013-08-12 Public disclosure Introduction: ============= Cross-Site Scripting (XSS) vulnerability is found in adv_sw.php page of IBM Advanced Management Module. Status: ======= Published Affected Products: ================== IBM Advanced Management Module with firmware BPET64B (3.64B) Vendor Advisory: ================ http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491 Details: ======== A remote attacker could exploit this vulnerability to execute a script in a victim's web browser within the security context of the hosting web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. This attack does require that the user clicking the vulnerable link be authenticated with a valid user ID and password. Proof of Concept: ================= http://ibm-amm-ip/private/adv_sw.php?WEBINDEX=<XSS> Fix: ==== The vulnerability is fixed in firmware v3.64G [BPET64G] Update Portal: http://www-933.ibm.com/support/fixcentral/ Author: ======= Jens Regel <jens[at]loxiran[dot]de> -- Jabber: loxiran@jabber.ccc.de ICQ: 19090972 Mail: jens@loxiran.de


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top