CVE-2013-4024

2013-09-2510:31:29

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-4024

ibm data studio

optim performance manager

infosphere optim configuration manager

db2 recovery expert

http access vulnerability

session cookies

network sniffing

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.8%

JSON

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.

Affected configurations

NVD

Node

ibmdata_studio_web_consoleMatch3.1.0

ibmdb2_recovery_expertMatch2.0

ibminfosphere_optim_configuration_managerMatch2.0

ibminfosphere_optim_configuration_managerMatch2.1

ibmoptim_performance_managerMatch5.1.0

CPENameOperatorVersion
ibm:data_studio_web_consoleibm data studio web consoleeq3.1.0
ibm:db2_recovery_expertibm db2 recovery experteq2.0
ibm:infosphere_optim_configuration_manageribm infosphere optim configuration managereq2.0
ibm:infosphere_optim_configuration_manageribm infosphere optim configuration managereq2.1
ibm:optim_performance_manageribm optim performance managereq5.1.0

CPE	Name	Operator	Version
ibm:data_studio_web_console	ibm data studio web console	eq	3.1.0
ibm:db2_recovery_expert	ibm db2 recovery expert	eq	2.0
ibm:infosphere_optim_configuration_manager	ibm infosphere optim configuration manager	eq	2.0
ibm:infosphere_optim_configuration_manager	ibm infosphere optim configuration manager	eq	2.1
ibm:optim_performance_manager	ibm optim performance manager	eq	5.1.0