CVE-2013-5462
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.
Known Affected Software
3 configuration(s) from 1 vendor(s)
content_navigator
Version:
2.0.0
CPE:
cpe:2.3:a:ibm:content_navigator:2.0.0:*:*:*:*:*:*:*
content_navigator
Version:
2.0.2
CPE:
cpe:2.3:a:ibm:content_navigator:2.0.2:*:*:*:*:*:*:*
content_navigator
Version:
2.0.1
CPE:
cpe:2.3:a:ibm:content_navigator:2.0.1:*:*:*:*:*:*:*
This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://www-01.ibm.com/support/docview.wss?uid=swg21660223psirt@us.ibm.com Vendor Advisory
-
http://www.securitytracker.com/id/1037704psirt@us.ibm.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/88358psirt@us.ibm.com
-
http://www-01.ibm.com/support/docview.wss?uid=swg21660223af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.securitytracker.com/id/1037704af854a3a-2127-422b-91ae-364da2661108
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/88358af854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- December 19, 2013
