Title:
======
IBM Advanced Management Module Cross-Site Scripting (XSS)

CVE-ID:
=======
CVE-2013-4007

Timeline:
=========
2013-06-10 Vulnerability discovered
2013-06-10 Reported to IBM Product Security Incident Response Team
2013-06-11 Vendor responded
2013-08-12 Official advisory and fix from IBM
2013-08-12 Public disclosure

Introduction:
=============
Cross-Site Scripting (XSS) vulnerability is found in adv_sw.php page of
IBM Advanced Management Module.

Status:
=======
Published

Affected Products:
==================
IBM Advanced Management Module with firmware BPET64B (3.64B)

Vendor Advisory:
================
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491

Details:
========
A remote attacker could exploit this vulnerability to execute a script
in a victim's web browser within the security context of the hosting web
site, once the URL is clicked. An attacker could use this vulnerability
to steal the victim's cookie-based authentication credentials. This
attack does require that the user clicking the vulnerable link be
authenticated with a valid user ID and password.

Proof of Concept:
=================
https://ibm-amm-ip/private/adv_sw.php?WEBINDEX=<XSS>

Fix:
====
The vulnerability is fixed in firmware v3.64G [BPET64G]
Update Portal: https://www-933.ibm.com/support/fixcentral/

Author:
=======
Jens Regel <jens[at]loxiran[dot]de>
-- 
Jabber: loxiran@jabber.ccc.de
ICQ: 19090972
Mail: jens@loxiran.de