CVE-2013-5407
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
21/12/2013
Last modified:
11/04/2025
Description
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.
Impact
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC96057
- http://www-01.ibm.com/support/docview.wss?uid=swg21657539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87356
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC96057
- http://www-01.ibm.com/support/docview.wss?uid=swg21657539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87356