History: Sep 25, 2022 - 11:13 p.m.

Security Bulletin: IBM Data Studio Web Console is susceptible to a “Directory Traversal Arbitrary File Download” vulnerability.

www.ibm.com

EPSS: 0.003 (Low), percentile 69.2%

Abstract

IBM Data Studio Web Console versions 3.1.0 and 3.1.1 could allow a remote attacker to traverse directories on the file system. An attacker could exploit this vulnerability to view potentially sensitive system files.

Content

VULNERABILITY DETAILS

CVE ID:
CVE-2013-2981

DESCRIPTION:

This is only possible after the user has logged in to the web application successfully and if the server process has been started with an Operating System credential that has read privileges on the file accessed by the attacker. While this vulnerability does not impact the Data Studio Web Console process itself directly or the databases it monitors, a malicious attacker may be able to access sensitive files that are stored outside of the Data Studio Web Console install location.

CVSS:
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83973 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/AU:N/C:P/I:N/A:N)

AFFECTED PRODUCTS:

IBM Data Studio Web Console v3.1.0 and v3.1.1 on all supported operating systems.

REMEDIATION:

Fix(es):
Upgrade to IBM Data Studio Web Console 3.2 - http://www.ibm.com/developerworks/downloads/im/data/

Mitigation:
None

Workaround(s):
None

REFERENCES:

· Complete CVSS Guide
· On-line Calculator V2
· X-Force Vulnerability Database (83973)
· CVE-2013-2981

RELATED INFORMATION:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Program

CHANGE HISTORY:

14 June 2013: Original publication


Name             Operator  Version
IBM Data Studio  eq        3.1
IBM Data Studio  eq        3.1.1
