← back
CVE-2018-1513

CVE-2018-1513

CVSS 5.4 MEDIUMEPSS 2.9%
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.4EPSS 2.9%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
23 Jul 2018Published on NVD
13 Aug 2018Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.
CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O
Affected products
IBM · Sterling B2B Integrator
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45190/unverifiedexploitdbwww.exploit-db.com/exploits/45190unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/141551https://www.exploit-db.com/exploits/45190/http://www.ibm.com/support/docview.wss?uid=ibm10717031http://www.securityfocus.com/bid/104910