CVE-2013-0518

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmsterling_secure_proxy
3.2.0.0
ibmsterling_secure_proxy
3.3.0.1
ibmsterling_secure_proxy
3.4.0.0
ibmsterling_secure_proxy
3.4.1.0
ibmsterling_secure_proxy
3.4.1.2
ibmsterling_secure_proxy
3.4.1.5
ibmsterling_secure_proxy
3.4.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
https://exchange.xforce.ibmcloud.com/vulnerabilities/83128
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
https://exchange.xforce.ibmcloud.com/vulnerabilities/83128