Lucene search

[email protected]NVD:CVE-2013-4025

HistorySep 25, 2013 - 10:31 a.m.

CVE-2013-4025

2013-09-2510:31:29

CWE-264

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.8%

JSON

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected configurations

NVD

Node

ibmdata_studio_web_consoleMatch3.1.0

ibmdb2_recovery_expertMatch2.0

ibminfosphere_optim_configuration_managerMatch2.0

ibminfosphere_optim_configuration_managerMatch2.1

ibmoptim_performance_managerMatch5.1.0

References

www-01.ibm.com/support/docview.wss?uid=swg21650504

exchange.xforce.ibmcloud.com/vulnerabilities/85933

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.8%

JSON

Related for NVD:CVE-2013-4025

cvelist1 cve1 prion1 ibm1