CVE-2013-0518

IBM Sterling Secure Proxy <3.3.01.23-3.4.1.7 - CSRF

Title source: llm
STIX 2.1

Description

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83128
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21636369

Scores

EPSS 0.0080
EPSS Percentile 52.2%

Details

CWE
CWE-20
Status published
Products (7)
ibm/sterling_secure_proxy 3.2.0.0
ibm/sterling_secure_proxy 3.3.0.1
ibm/sterling_secure_proxy 3.4.0.0
ibm/sterling_secure_proxy 3.4.1.0
ibm/sterling_secure_proxy 3.4.1.2
ibm/sterling_secure_proxy 3.4.1.5
ibm/sterling_secure_proxy 3.4.1.6
Published May 10, 2013
Tracked Since Feb 18, 2026