CVE-2013-3997

{"id": "CVE-2013-3997", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-03-26T10:55:05.147", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667812", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/66360", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84986", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667812", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/66360", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84986", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en la consola web de Application Enterprise en IBM InfoSphere BigInsights 1.1 y 2.x anterior a 2.1 FP2 permite a usuarios remotos autenticados redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:54:41.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CBE42CA-7360-4EFB-96A1-69AA501F39A5"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DC89107-6C8B-4CBE-8447-D5CC671BA01A"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9286209C-B3B3-4B07-B074-1C5C4B241F84"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F9BC39-CF55-456C-B463-DCA20EE8051B"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0338ED25-41EC-4DFE-8003-9AD71928A582"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "994A78F4-61AD-4357-95B2-C7FF84DDA7FC"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B8A624-8424-426B-A476-8CE25E5152A8"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:2.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B66538E2-8A08-440E-8660-4279144068FA"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "641A375A-E554-49C1-A47D-CA4E1DDB7EBA"}, {"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6C5863-F678-48C0-AF97-8C8AB4F9F77E"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667812\n\n\"Affected Products and Versions\n\nIBM InfoSphere BigInsights versions 1.1 through 2.1\"", "sourceIdentifier": "psirt@us.ibm.com"}