Lucene search

[email protected]CVE-2013-5420

HistoryDec 23, 2013 - 10:55 p.m.

CVE-2013-5420

2013-12-2322:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-5420

ims server

ibm security access manager

esso

log files

helpdesk privileges

nvd

6.7 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

40.0%

JSON

The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.

CPENameOperatorVersion
ibm:security_access_manager_for_enterprise_single_sign-onibm security access manager for enterprise single sign-oneq8.2

CPE	Name	Operator	Version
ibm:security_access_manager_for_enterprise_single_sign-on	ibm security access manager for enterprise single sign-on	eq	8.2

References

www-01.ibm.com/support/docview.wss?uid=swg21660211

exchange.xforce.ibmcloud.com/vulnerabilities/87482

6.7 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for CVE-2013-5420

prion1 cvelist1