Unrated severityNVD Advisory· Published May 28, 2013· Updated Apr 29, 2026

CVE-2013-0499

Description

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

Affected products

IBM/Websphere Datapower B2b Appliance Xb62
cpe:2.3:h:ibm:websphere_datapower_b2b_appliance_xb62:-:*:*:*:*:*:*:*
IBM/Websphere Datapower Integration Appliance Xi50
cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi50:-:*:*:*:*:*:*:*
IBM/Websphere Datapower Integration Appliance Xi52
cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52:-:*:*:*:*:*:*:*
IBM/Websphere Datapower Integration Appliance Xi52 Virtual Edition
cpe:2.3:h:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition:-:*:*:*:*:*:*:*
IBM/Websphere Datapower Service Gateway Xg45
cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45:-:*:*:*:*:*:*:*
IBM/Websphere Datapower Service Gateway Xg45 Virtual Edition
cpe:2.3:h:ibm:websphere_datapower_service_gateway_xg45_virtual_edition:-:*:*:*:*:*:*:*
IBM/Websphere Datapower Xc10 Appliance
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*
IBM/Websphere Datapower B2b Appliance Xb62 Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_b2b_appliance_xb62_firmware:5.0.0:*:*:*:*:*:*:*
IBM/Websphere Datapower Integration Appliance Xi50 Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi50_firmware:5.0.0:*:*:*:*:*:*:*
IBM/Websphere Datapower Integration Appliance Xi52 Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_firmware:5.0.0:*:*:*:*:*:*:*
IBM/Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_integration_appliance_xi52_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*
IBM/Websphere Datapower Service Gateway Xg45 Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_firmware:5.0.0:*:*:*:*:*:*:*
IBM/Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_service_gateway_xg45_virtual_edition_firmware:5.0.0:*:*:*:*:*:*:*
IBM/Websphere Datapower Xc10 Appliance Firmware5 versions
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:3.8.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:5.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/bugtraq/2013/May/83nvdExploit
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txtnvdExploit
www-01.ibm.com/support/docview.wssnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/82221nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000