Lucene search

IbmCVE-2013-5428

HistoryOct 22, 2013 - 11:17 a.m.

CVE-2013-5428

2013-10-2211:17:14

CWE-264

ibm

web.nvd.nist.gov

cve-2013-5428

ibm

websphere

datapower xc10

appliances

authentication

denial of service

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.

Affected configurations

Nvd

Node

ibmwebsphere_datapower_xc10_applianceMatch-

AND

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.5.0.0

VendorProductVersionCPE
ibmwebsphere_datapower_xc10_appliance-cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.5.0.0cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_datapower_xc10_appliance	-	cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.5.0.0	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IC93164

www-01.ibm.com/support/docview.wss?uid=swg1IC96617

www.ibm.com/support/docview.wss?uid=swg21653546

exchange.xforce.ibmcloud.com/vulnerabilities/87560

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Related for CVE-2013-5428