[VIM] [CVENEW] New CVE CANs: 2013/03/19 14:00 ; count=5

coley at mitre.org
Tue Mar 19 13:04:28 CDT 2013


======================================================
Name: CVE-2012-4223
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4223
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20120808
Category: 

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: The
CNA or individual who requested this candidate did not associate it
with any vulnerability during 2012.  Notes: none.



======================================================
Name: CVE-2012-4224
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4224
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20120808
Category: 

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: The
CNA or individual who requested this candidate did not associate it
with any vulnerability during 2012.  Notes: none.



======================================================
Name: CVE-2013-0505
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0505
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121216
Category: 
Reference: CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21631302
Reference: AIXAPAR:ID358571
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571
Reference: XF:sterling-om-xpath-injection(82339)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82339

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0
before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote
authenticated users to conduct XPath injection attacks, and read
arbitrary XML files, via unspecified vectors.



======================================================
Name: CVE-2013-0506
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0506
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121216
Category: 
Reference: CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21631302
Reference: AIXAPAR:IC90858
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IC90858
Reference: XF:sterling-om-address-xss(82341)
Reference: URL:http://xforce.iss.net/xforce/xfdb/82341

Cross-site scripting (XSS) vulnerability in IBM Sterling Order
Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0
before FP41, and 9.2.0 before FP13 allows remote authenticated users
to inject arbitrary web script or HTML via unspecified vectors.



======================================================
Name: CVE-2013-0717
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0717
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121228
Category: 
Reference: CONFIRM:http://jpn.nec.com/security-info/secinfo/nv13-005.html
Reference: CONFIRM:http://jvn.jp/en/jp/JVN59503133/6443/index.html
Reference: JVN:JVN#59503133
Reference: URL:http://jvn.jp/en/jp/JVN59503133/index.html
Reference: JVNDB:JVNDB-2013-000024
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2013-000024

Multiple cross-site request forgery (CSRF) vulnerabilities in the
web-based management utility on the NEC AtermWR9500N, AtermWR8600N,
AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers
allow remote attackers to hijack the authentication of administrators
for requests that (1) initialize settings or (2) reboot the device.

