Lucene search

[email protected]CVE-2013-6304

HistoryMar 06, 2014 - 11:55 a.m.

CVE-2013-6304

2014-03-0611:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-6304

algo risk application

ara

ibm algo one

directory traversal

remote authenticated users

access restrictions

configuration file

jar file

security vulnerability

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.

CPENameOperatorVersion
ibm:algo_risk_applicationibm algo risk applicationeq4.5.1
ibm:algo_risk_applicationibm algo risk applicationeq2.5.2
ibm:algo_risk_applicationibm algo risk applicationeq2.5.3
ibm:algo_risk_applicationibm algo risk applicationeq4.9.0
ibm:algo_risk_applicationibm algo risk applicationeq2.5.7.2
ibm:algo_risk_applicationibm algo risk applicationeq4.5.4
ibm:algo_oneibm algo oneeq4.9.1
ibm:algo_risk_applicationibm algo risk applicationeq4.5.3
ibm:algo_risk_applicationibm algo risk applicationeq2.5.8
ibm:algo_risk_applicationibm algo risk applicationeq4.7.0

CPE	Name	Operator	Version
ibm:algo_risk_application	ibm algo risk application	eq	4.5.1
ibm:algo_risk_application	ibm algo risk application	eq	2.5.2
ibm:algo_risk_application	ibm algo risk application	eq	2.5.3
ibm:algo_risk_application	ibm algo risk application	eq	4.9.0
ibm:algo_risk_application	ibm algo risk application	eq	2.5.7.2
ibm:algo_risk_application	ibm algo risk application	eq	4.5.4
ibm:algo_one	ibm algo one	eq	4.9.1
ibm:algo_risk_application	ibm algo risk application	eq	4.5.3
ibm:algo_risk_application	ibm algo risk application	eq	2.5.8
ibm:algo_risk_application	ibm algo risk application	eq	4.7.0

Rows per page:

1-10 of 261

References

www-01.ibm.com/support/docview.wss?uid=swg21666093

www.securityfocus.com/bid/65929

exchange.xforce.ibmcloud.com/vulnerabilities/88535

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for CVE-2013-6304

cvelist1 prion1 seebug1