IBM884EAB42B2A9E6CCB653A2D2CE38566EBF6E2850198FFD848B36102E07E58FD1Security Bulletin: Invalid input vulnerability in InfoSphere BigInsights (CVE-2013-3993)
0.099 Low
EPSS
Percentile
94.9%
Summary
Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.
Vulnerability Details
CVE-2013-3993
**** DESCRIPTION:
Certain BigInsights APIs accept input parameters without parameter validation. These parameters can be manipulated to point to directories and files that the user does not have the right to access or that might contain malicious data/code.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84982 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Affected Products and Versions
IBM InfoSphere BigInsights version 1.1 through 3.0
Remediation/Fixes
For version 2.1 and 2.1.0.2: Upgrade to version InfoSphere BigInsights 2.1.0.3
For version 3.0: Upgrade to version InfoSphere BigInsights 3.0.0.1
For versions 1.1 through 2.0: Contact customer support.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm db2 big sql | eq | 1.1.0 | |
| ibm db2 big sql | eq | 1.2.0 | |
| ibm db2 big sql | eq | 1.3.0 | |
| ibm db2 big sql | eq | 1.4.0 | |
| ibm db2 big sql | eq | 2.0.0 | |
| ibm db2 big sql | eq | 2.1.0 | |
| ibm db2 big sql | eq | 3.0 |
Related
0.099 Low
EPSS
Percentile
94.9%