History: Apr 08, 2021 - 8:59 p.m.

Security Bulletin: Multiple vulnerabilities in InfoSphere BigInsights (CVE-2013-3998, CVE-2013-3997)

2021-04-08 20:59:42
www.ibm.com
EPSS: 0.001 Low (Percentile: 40.3%)

Summary

InfoSphere BigInsights is vulnerable to HTTP response splitting and allows open redirects.

Vulnerability Details


CVE ID: CVE-2013-3998

DESCRIPTION:
The InfoSphere BigInsights Web Application Enterprise Console does not prevent HTTP response splitting. HTTP response splitting can be used to initiate a variety of attacks including cross-user defacement, cache poisoning, cross-site scripting, and page hijacking. Some of these issues can lead to an attacker gaining unauthorized access or collecting sensitive information.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2013-3997

DESCRIPTION:
The InfoSphere BigInsights Web Application Enterprise Console allows open redirects, which let it be used to redirect users to a malicious site, making phishing attacks easier.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84986 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

IBM InfoSphere BigInsights versions 1.1 through 2.1

Remediation/Fixes

For Version 2.1, install InfoSphere BigInsights Fix Pack 2, which can be downloaded from Fix Central.
For versions 1.1 through 2.0, contact customer support.

Workarounds and Mitigations

None
