Lucene search

[email protected]CVE-2013-4000

HistoryDec 14, 2013 - 10:55 p.m.

CVE-2013-4000

2013-12-1422:55:02

CWE-352

[email protected]

web.nvd.nist.gov

ibm

cognos

command center

csrf

vulnerabilities

nvd

cve-2013-4000

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.

Affected configurations

NVD

Node

ibmcognos_command_centerRange≤10.1

ibmcognos_command_centerMatch10.0

CPENameOperatorVersion
ibm:cognos_command_centeribm cognos command centerle10.1
ibm:cognos_command_centeribm cognos command centereq10.0

CPE	Name	Operator	Version
ibm:cognos_command_center	ibm cognos command center	le	10.1
ibm:cognos_command_center	ibm cognos command center	eq	10.0

References

www-01.ibm.com/support/docview.wss?uid=swg21657932

exchange.xforce.ibmcloud.com/vulnerabilities/85150

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.1%

JSON

Related for CVE-2013-4000

prion1 cvelist1 seebug1 nvd1 ibm1