CVE-2013-5400

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87296
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87296

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:platform_symphony:5.2::::developer:::
	cpe:2.3:a:ibm:platform_symphony:6.1.0::::developer:::
	cpe:2.3:a:ibm:platform_symphony:6.1.1::::developer:::

History

21 Nov 2024, 01:57

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/87296 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/87296 -

Information

Published : 2014-02-14 13:10

Updated : 2024-11-21 01:57

NVD link : CVE-2013-5400

Mitre link : CVE-2013-5400

CVE.ORG link : CVE-2013-5400

JSON object : View

Products Affected

ibm

platform_symphony

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-5400", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-14T13:10:30.590", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87296", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87296", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain \"local environment\" access via unknown vectors."}, {"lang": "es", "value": "Un servlet no especificado en IBM Platform Symphony Developer Edition (DE) 5.2 y 6.1.x hasta 6.1.1 tiene las credenciales embebidas, lo que permite a atacantes remotos evadir la autenticaci\u00f3n y obtener acceso al \"entorno local\" a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T01:57:24.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:platform_symphony:5.2:*:*:*:developer:*:*:*", "vulnerable": true, "matchCriteriaId": "EBBB2174-B82A-4129-9ADB-A8AB28833992"}, {"criteria": "cpe:2.3:a:ibm:platform_symphony:6.1.0:*:*:*:developer:*:*:*", "vulnerable": true, "matchCriteriaId": "74818384-5D69-4832-933E-1376928D3774"}, {"criteria": "cpe:2.3:a:ibm:platform_symphony:6.1.1:*:*:*:developer:*:*:*", "vulnerable": true, "matchCriteriaId": "FFA668AD-763A-4AC1-A6C2-AACB872A5EF4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}