Lucene search

IbmCVE-2013-5426

HistoryDec 19, 2013 - 10:55 p.m.

CVE-2013-5426

2013-12-1922:55:04

CWE-287

ibm

web.nvd.nist.gov

cve-2013-5426

session fixation

ibm infosphere

master data management

collaborative edition

security vulnerability

remote authentication

web session hijacking

CVSS2

4.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

50.1%

JSON

Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.

Affected configurations

Nvd

Node

ibminfosphere_master_data_management_collaboration_serverMatch10.0

ibminfosphere_master_data_management_collaboration_serverMatch10.1

ibminfosphere_master_data_management_collaboration_serverMatch11.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.1

VendorProductVersionCPE
ibminfosphere_master_data_management_collaboration_server10.0cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_collaboration_server10.1cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_collaboration_server11.0cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:11.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.0cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_master_data_management_collaboration_server	10.0	cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.0:::::::*
ibm	infosphere_master_data_management_collaboration_server	10.1	cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.1:::::::*
ibm	infosphere_master_data_management_collaboration_server	11.0	cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:11.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	9.0	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	9.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21660082

exchange.xforce.ibmcloud.com/vulnerabilities/87535

CVSS2

4.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

50.1%

JSON

Related for CVE-2013-5426