Lucene search

IbmCVE-2013-5433

HistoryAug 12, 2014 - 12:55 a.m.

CVE-2013-5433

2014-08-1200:55:03

CWE-255

ibm

web.nvd.nist.gov

cve

2013

5433

ibm

infosphere optim

hardcoded credentials

sensitive information

xml document

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.001

Percentile

44.4%

JSON

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document.

Affected configurations

Nvd

Node

ibminfosphere_optim_data_growth_solution_for_siebel_crmMatch3.2

ibminfosphere_optim_data_growth_solution_for_siebel_crmMatch3.2.1

ibminfosphere_optim_data_growth_solution_for_siebel_crmMatch3.2.2

ibminfosphere_optim_data_growth_solution_for_siebel_crmMatch3.2.3

ibminfosphere_optim_data_growth_solution_for_siebel_crmMatch9.1

VendorProductVersionCPE
ibminfosphere_optim_data_growth_solution_for_siebel_crm3.2cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2:*:*:*:*:*:*:*
ibminfosphere_optim_data_growth_solution_for_siebel_crm3.2.1cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.1:*:*:*:*:*:*:*
ibminfosphere_optim_data_growth_solution_for_siebel_crm3.2.2cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.2:*:*:*:*:*:*:*
ibminfosphere_optim_data_growth_solution_for_siebel_crm3.2.3cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.3:*:*:*:*:*:*:*
ibminfosphere_optim_data_growth_solution_for_siebel_crm9.1cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_optim_data_growth_solution_for_siebel_crm	3.2	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2:::::::*
ibm	infosphere_optim_data_growth_solution_for_siebel_crm	3.2.1	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.1:::::::*
ibm	infosphere_optim_data_growth_solution_for_siebel_crm	3.2.2	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.2:::::::*
ibm	infosphere_optim_data_growth_solution_for_siebel_crm	3.2.3	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.3:::::::*
ibm	infosphere_optim_data_growth_solution_for_siebel_crm	9.1	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:9.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21680575

exchange.xforce.ibmcloud.com/vulnerabilities/87639

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.001

Percentile

44.4%

JSON

Related for CVE-2013-5433