Lucene search

[email protected]NVD:CVE-2013-4022

HistorySep 25, 2013 - 10:31 a.m.

CVE-2013-4022

2013-09-2510:31:29

CWE-255

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.0%

JSON

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.

Affected configurations

NVD

Node

ibmdata_studio_web_consoleMatch3.1.0

ibmdb2_recovery_expertMatch2.0

ibminfosphere_optim_configuration_managerMatch2.0

ibminfosphere_optim_configuration_managerMatch2.1

ibmoptim_performance_managerMatch5.1.0

References

www-01.ibm.com/support/docview.wss?uid=swg21650504

exchange.xforce.ibmcloud.com/vulnerabilities/85928

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for NVD:CVE-2013-4022

cvelist1 prion1 cve1 ibm1