CVE-2013-0578

{"id": "CVE-2013-0578", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-10T11:42:29.960", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636034", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83330", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI."}, {"lang": "es", "value": "Las APIs Sterling Order Management en IBM Sterling Multi-Channel Fulfillment Solution v8.0 anterior a HF128 y IBM Sterling Selling y Fulfillment Foundation 8.5 anterior a HF93, v9.0 anterior a HF73, v9.1.0 anterior a FP45, y v9.2.0 anterior a FP17, cuando la API de prueba esta habilitada, no requiere credenciales administrativas, lo que permite a los usuarios remotos autenticados obtener informaci\u00f3n sensible de bases de datos a trav\u00e9s de una solicitud a la URI de la API de pruebas."}], "lastModified": "2017-08-29T01:33:07.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_multi-channel_fulfillment_solution:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "019E1589-F72C-4024-9EF2-37B9CB54FDE6"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F67E9BBD-95B4-46E5-A980-72BFDFDAF9B6"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCAA2413-4055-4121-AEDE-E6F97428D351"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F5029B7-9CE0-44B2-A12D-6D51A04B1C4A"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "398EC0D4-2273-4C5E-BD60-273E2EA10055"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2992C75-CC4B-40D2-A107-527A4BD3BEC2"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86997623-ED4B-44CD-A74A-E31D136A395B"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C81F34C2-FDDE-4DEB-B3B6-7B50299F68C7"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E5B6C9C-2963-441D-844E-F1BBE103E6F6"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7436A337-88FD-4F97-8957-D6CD5319CB96"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9732B9B2-378E-4142-942B-2E792B00F2F2"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26F7A5AF-191F-47A3-8E62-D41B6E8F34FF"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC359F7-6BDF-4427-AFDB-E36CC2A85CDE"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6A235E8-9231-46DD-9699-99603A14762D"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03D9A32B-A2D7-48CF-9F0B-FB745221A246"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "565B6588-323E-4633-8C6C-5ADF4AE47FF7"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C349A3A-2883-4183-9D66-8A0D230E7C8A"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D0BFD39-20EC-4454-960A-4D75064EC961"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB8BD4C9-DA50-4D0E-8809-071FEE60A999"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "928C51B7-0BB4-4C90-9353-9BB904F0EBAC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "843E8EC3-1965-48FE-8FB9-A6A08BDD4C67"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2CCDCDC-671C-44E3-AAE2-46FAE57205E5"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C7813E-424E-49F0-94C1-57740102591F"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D6E17EC-1B43-45C6-964F-9276667EEBD6"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFAB7A62-9828-451C-8B04-5B2D3A329552"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B278CD4-1710-419F-88EE-A48880D73B42"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2D7CEB-7E93-4901-A400-5CD684A476E9"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5817C2-0BBD-4F5B-8831-FC4B2C628C54"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CB3C56B-6436-43B2-9CB2-DCEC21B4734D"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1160E6A-A2DC-4D06-922D-C6CAE3734DBD"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CC495B-1160-4E0F-9DBC-200F940DD1B4"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F70D844-7980-4C4C-A3F6-5A8E338994E8"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72A9F9FE-FA2C-49A0-A7F3-3956AC41B058"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B431899-524C-45B7-948C-2766072768F2"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C77E75-AF19-4D62-89CD-975BB0CB0EE8"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1140D4E1-9600-4131-AAD6-9DEAD1BF23FE"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA025552-E704-4F46-8E62-3CFD628BD025"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE726D3E-E37C-4FE2-B5E6-E2AEE3C15E3E"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D079F7C-0BD9-4FA3-85E2-D562E8E5C0A0"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2441EA6F-98AA-4FEC-9247-6A8150CFE96E"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "052BB05B-1573-4163-9987-8177179A6871"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8385A7D3-E272-4358-8245-28E0C187054C"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F846E68-11F3-4877-8FC4-BD285789EAE8"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEC23876-C1F0-486D-B2C6-DAB21B0DDD3B"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE7A9C72-335D-4A36-A32C-A86C76FA0C23"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4235BFBA-2663-45AB-A0E1-D7FE5C161DAB"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC43B4B-D243-4A21-BA8D-6BEC2F20C231"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "014C49DF-790C-4D12-B2B4-D6732676F325"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B7FCDE-16A4-4A0E-9349-F6D2D4B35FA5"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E03FBE3-021E-4D25-8426-5DF89C1382CC"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECD27C3E-1491-41CF-96E9-56A32479BEDF"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AE36402-4154-4C6F-99C6-DF5E139AA791"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0991736-56A9-4623-AA28-A693449C92D0"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBC014E2-250E-418E-B763-34B14757B48F"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72688E67-12CA-401D-976E-C66DC6D25A25"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B71F765-1019-4B63-8D31-A01D654A186E"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CE187CA-97B0-49FA-986D-060F82E9BFA3"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7068096-9BC1-48C6-B2E6-DD5084A1DF67"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44430DAC-857A-43B9-9DBE-58AC3D3F67D6"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DDFD7AE-8FAD-4E43-9CE3-E206D9005779"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F32344-6B36-44D6-92B1-D2A130F5A4B5"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6652468E-AFF7-4F53-A2FF-6FB5729CDCA3"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "406606D2-A04B-470C-B147-78F86F6A7823"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14F3941F-238E-420B-9670-4F9EB47D3A46"}, {"criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21D8AA80-B451-45E9-9FD3-E241777354D7"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21636034\r\n\r\n'AFFECTED PRODUCTS AND VERSIONS:\r\nIBM Sterling Selling and Fulfillment Foundation 9.2.0\r\nIBM Sterling Selling and Fulfillment Foundation 9.1.0\r\nIBM Sterling Selling and Fulfillment Foundation 9.0\r\nIBM Sterling Selling and Fulfillment Foundation 8.5\r\nIBM Sterling Multi-Channel Fulfillment Solution 8.0'", "sourceIdentifier": "psirt@us.ibm.com"}