CVE-2013-4024

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21650504	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85931

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:data_studio_web_console:3.1.0:::::::*
	cpe:2.3:a:ibm:db2_recovery_expert:2.0:::::::*
	cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.0:::::::*
	cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.1:::::::*
	cpe:2.3:a:ibm:optim_performance_manager:5.1.0:::::::*

History

No history.

Information

Published : 2013-09-25 10:31

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4024

Mitre link : CVE-2013-4024

CVE.ORG link : CVE-2013-4024

JSON object : View

Products Affected

ibm

db2_recovery_expert
optim_performance_manager
infosphere_optim_configuration_manager
data_studio_web_console

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-4024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-25T10:31:29.127", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650504", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85931", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network."}, {"lang": "es", "value": "IBM Data Studio Web Console 3.x anterior a la versi\u00f3n 3,2, Optim Performance Manager 5.x anterior a la versi\u00f3n 5.2, InfoSphere Optim Configuration Manager 2.x anterior a la versi\u00f3n 2.2, y DB2 Recovery Expert 2.x soporta HTTP en la Web Console, lo que permite a atacantes remotos leer cookies de sesi\u00f3n mediante la captura de tr\u00e1fico de red."}], "lastModified": "2017-08-29T01:33:33.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BCEE551-BA38-45A1-90CC-DD442D3FD78A"}, {"criteria": "cpe:2.3:a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65BFFDB7-6A9C-433B-9C54-ADBB12954631"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09177EE3-A02A-40D0-A404-BE86F64570DB"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF854DBF-2280-46D1-A5C7-DD9185C157A1"}, {"criteria": "cpe:2.3:a:ibm:optim_performance_manager:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB2A0D8-0D0E-4D1E-BB6A-790D34AA6985"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}