{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "sterling-om-xpath-injection(82339)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82339"}, {"name": "ID358571", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631302"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0505", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sterling-om-xpath-injection(82339)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82339"}, {"name": "ID358571", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631302", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631302"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:10.446Z"}, "title": "CVE Program Container", "references": [{"name": "sterling-om-xpath-injection(82339)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82339"}, {"name": "ID358571", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631302"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0505", "datePublished": "2013-03-19T18:00:00.000Z", "dateReserved": "2012-12-16T00:00:00.000Z", "dateUpdated": "2024-08-06T14:25:10.446Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_multi-channel_fulfillment_solution:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "019E1589-F72C-4024-9EF2-37B9CB54FDE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "F67E9BBD-95B4-46E5-A980-72BFDFDAF9B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCAA2413-4055-4121-AEDE-E6F97428D351", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "843E8EC3-1965-48FE-8FB9-A6A08BDD4C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F5029B7-9CE0-44B2-A12D-6D51A04B1C4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors."}, {"lang": "es", "value": "IBM Sterling Order Management v8.0 anterior a HF127, 8.5 anterior a HF89, v9.0 anterior HF69, v9.1.0 anterior FP41, y v9.2.0 anterior FP13, permite a usuarios autenticados remotamente llevar a cabo ataques de inyecci\u00f3n XPath y leer archivos XML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-0505", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-19T18:55:03.303", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631302"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82339"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}