InfoSphere BigInsights is vulnerable to HTTP response splitting and allows open redirects.
CVE ID: CVE-2013-3998
DESCRIPTION:
The InfoSphere BigInsights Web Application Enterprise Console does not prevent HTTP response splitting. HTTP response splitting can be used to initiate a variety of attacks including cross-user defacement, cache poisoning, cross-site scripting, and page hijacking. Some of these issues can lead to an attacker gaining unauthorized access or collecting sensitive information.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE ID: CVE-2013-3997
DESCRIPTION:
The InfoSphere BigInsights Web Application Enterprise Console allows open redirects, which can be used to send users to a malicious site, making phishing attacks easier.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84986 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
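An application-level check for the two weakness classes described above, given as an added example and not IBM's fix or BigInsights code. The allowlisted host and all function names are assumptions, and the input is assumed to be the already-decoded request parameter.

```python
from urllib.parse import urlsplit

# Assumption: the only external host this application may redirect to (constructed value).
ALLOWED_HOSTS = {"console.example.internal"}


def has_control_chars(value: str) -> bool:
    """True if value contains CR, LF, NUL, any other C0 control character, or DEL."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def safe_header_value(value: str) -> str:
    """Refuse a header value that could end the header line and start a new one."""
    if has_control_chars(value):
        raise ValueError("control character in header value")
    return value


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target if it is a same-site path or an allowlisted https URL, else default."""
    # Check before parsing: recent urlsplit() versions silently strip CR, LF and tab.
    if has_control_chars(target) or "\\" in target:
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # for example a malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path on this site.
        # Browsers resolve "//host" and "///host" to another origin.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS:
        return target
    return default


def redirect_headers(target: str) -> list:
    """Build the headers of a 302 response from an untrusted, already-decoded target."""
    return [("Location", safe_header_value(safe_redirect_target(target)))]
```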
IBM InfoSphere BigInsights versions 1.1 through 2.1
For Version 2.1, install InfoSphere BigInsights Fix Pack 2, which can be downloaded from Fix Central.
For versions 1.1 through 2.0, contact customer support.
None
CPE

Name | Operator | Version
---|---|---
ibm db2 big sql | eq | 1.1.0
ibm db2 big sql | eq | 1.2.0
ibm db2 big sql | eq | 1.3.0
ibm db2 big sql | eq | 1.4.0
ibm db2 big sql | eq | 2.0.0
ibm db2 big sql | eq | 2.1.0