[email protected]CVE-2013-4058

HistoryMar 16, 2014 - 2:06 p.m.

CVE-2013-4058

2014-03-1614:06:44

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-4058

sql injection

ibm infosphere

information server

nvd

vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.

Affected configurations

NVD

Node

ibminfosphere_information_serverMatch8.5

ibminfosphere_information_serverMatch8.5.0.1

ibminfosphere_information_serverMatch8.5.0.2

ibminfosphere_information_serverMatch8.5.0.3

ibminfosphere_information_serverMatch8.7

ibminfosphere_information_serverMatch8.7.0.1

ibminfosphere_information_serverMatch8.7.0.2

ibminfosphere_information_serverMatch9.1

ibminfosphere_information_serverMatch9.1.0.1

ibminfosphere_information_serverMatch9.1.2

CPENameOperatorVersion
ibm:infosphere_information_serveribm infosphere information servereq8.5
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.1
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.2
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.3
ibm:infosphere_information_serveribm infosphere information servereq8.7
ibm:infosphere_information_serveribm infosphere information servereq8.7.0.1
ibm:infosphere_information_serveribm infosphere information servereq8.7.0.2
ibm:infosphere_information_serveribm infosphere information servereq9.1
ibm:infosphere_information_serveribm infosphere information servereq9.1.0.1
ibm:infosphere_information_serveribm infosphere information servereq9.1.2

CPE	Name	Operator	Version
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.1
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.2
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.3
ibm:infosphere_information_server	ibm infosphere information server	eq	8.7
ibm:infosphere_information_server	ibm infosphere information server	eq	8.7.0.1
ibm:infosphere_information_server	ibm infosphere information server	eq	8.7.0.2
ibm:infosphere_information_server	ibm infosphere information server	eq	9.1
ibm:infosphere_information_server	ibm infosphere information server	eq	9.1.0.1
ibm:infosphere_information_server	ibm infosphere information server	eq	9.1.2

References

www-01.ibm.com/support/docview.wss?uid=swg1JR48815

www-01.ibm.com/support/docview.wss?uid=swg1JR49200

www-01.ibm.com/support/docview.wss?uid=swg1JR49206

www-01.ibm.com/support/docview.wss?uid=swg21666684

www.securityfocus.com/bid/66155

exchange.xforce.ibmcloud.com/vulnerabilities/86547

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2013-4058

prion1 cvelist1 nvd1 ibm2