Vulnerability Details : CVE-2013-5462
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.
Vulnerability category: Input validation
Products affected by CVE-2013-5462
- cpe:2.3:a:ibm:content_navigator:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:content_navigator:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:content_navigator:2.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5462
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5462
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-5462
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5462
-
http://www-01.ibm.com/support/docview.wss?uid=swg21660223
IBM Security Bulletin: IBM Content Navigator Potential Clickjacking Vulnerability (CVE-2013-5462)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/88358
IBM Content Navigator clickjacking CVE-2013-5462 Vulnerability Report
-
http://www.securitytracker.com/id/1037704
IBM FileNet Content Manager ACCE Tool Lets Remote Users Conduct Clickjacking Attacks - SecurityTracker
Jump to