CVE-2013-4024

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21650504	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85931
http://www-01.ibm.com/support/docview.wss?uid=swg21650504	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85931

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:data_studio_web_console:3.1.0:::::::*
	cpe:2.3:a:ibm:db2_recovery_expert:2.0:::::::*
	cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.0:::::::*
	cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.1:::::::*
	cpe:2.3:a:ibm:optim_performance_manager:5.1.0:::::::*

History

21 Nov 2024, 01:54

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21650504 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21650504 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/85931 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/85931 -

Information

Published : 2013-09-25 10:31

Updated : 2024-11-21 01:54

NVD link : CVE-2013-4024

Mitre link : CVE-2013-4024

CVE.ORG link : CVE-2013-4024

JSON object : View

Products Affected

ibm

optim_performance_manager
data_studio_web_console
infosphere_optim_configuration_manager
db2_recovery_expert

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-4024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-25T10:31:29.127", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650504", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85931", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650504", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85931", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network."}, {"lang": "es", "value": "IBM Data Studio Web Console 3.x anterior a la versi\u00f3n 3,2, Optim Performance Manager 5.x anterior a la versi\u00f3n 5.2, InfoSphere Optim Configuration Manager 2.x anterior a la versi\u00f3n 2.2, y DB2 Recovery Expert 2.x soporta HTTP en la Web Console, lo que permite a atacantes remotos leer cookies de sesi\u00f3n mediante la captura de tr\u00e1fico de red."}], "lastModified": "2024-11-21T01:54:43.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BCEE551-BA38-45A1-90CC-DD442D3FD78A"}, {"criteria": "cpe:2.3:a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65BFFDB7-6A9C-433B-9C54-ADBB12954631"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09177EE3-A02A-40D0-A404-BE86F64570DB"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF854DBF-2280-46D1-A5C7-DD9185C157A1"}, {"criteria": "cpe:2.3:a:ibm:optim_performance_manager:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB2A0D8-0D0E-4D1E-BB6A-790D34AA6985"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}