Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.
CVE-2013-3993
**** DESCRIPTION:
Certain BigInsights APIs accept input parameters without parameter validation. These parameters can be manipulated to point to directories and files that the user does not have the right to access or that might contain malicious data/code.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84982 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
IBM InfoSphere BigInsights version 1.1 through 3.0
For version 2.1 and 2.1.0.2: Upgrade to version InfoSphere BigInsights 2.1.0.3
For version 3.0: Upgrade to version InfoSphere BigInsights 3.0.0.1
For versions 1.1 through 2.0: Contact customer support.
CPE | Name | Operator | Version |
---|---|---|---|
ibm db2 big sql | eq | 1.1.0 | |
ibm db2 big sql | eq | 1.2.0 | |
ibm db2 big sql | eq | 1.3.0 | |
ibm db2 big sql | eq | 1.4.0 | |
ibm db2 big sql | eq | 2.0.0 | |
ibm db2 big sql | eq | 2.1.0 | |
ibm db2 big sql | eq | 3.0 |