Lucene search

[email protected]CVE-2013-6304

HistoryMar 06, 2014 - 11:55 a.m.

CVE-2013-6304

2014-03-0611:55:05

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-6304

algo risk application

ara

ibm algo one

directory traversal

remote authenticated users

access restrictions

configuration file

jar file

security vulnerability

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.8%

JSON

Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.

Affected configurations

NVD

Node

ibmalgo_oneMatch4.9.1

ibmalgo_risk_applicationMatch2.4.0.1

ibmalgo_risk_applicationMatch2.4.1

ibmalgo_risk_applicationMatch2.4.2

ibmalgo_risk_applicationMatch2.5.0

ibmalgo_risk_applicationMatch2.5.1

ibmalgo_risk_applicationMatch2.5.2

ibmalgo_risk_applicationMatch2.5.3

ibmalgo_risk_applicationMatch2.5.4

ibmalgo_risk_applicationMatch2.5.5

ibmalgo_risk_applicationMatch2.5.5.2

ibmalgo_risk_applicationMatch2.5.6

ibmalgo_risk_applicationMatch2.5.7.1

ibmalgo_risk_applicationMatch2.5.7.2

ibmalgo_risk_applicationMatch2.5.8

ibmalgo_risk_applicationMatch4.5.1

ibmalgo_risk_applicationMatch4.5.2

ibmalgo_risk_applicationMatch4.5.3

ibmalgo_risk_applicationMatch4.5.4

ibmalgo_risk_applicationMatch4.6.0

ibmalgo_risk_applicationMatch4.6.1

ibmalgo_risk_applicationMatch4.7.0

ibmalgo_risk_applicationMatch4.7.1

ibmalgo_risk_applicationMatch4.8.0

ibmalgo_risk_applicationMatch4.9.0

ibmalgo_risk_applicationMatch4.9.1

CPENameOperatorVersion
ibm:algo_oneibm algo oneeq4.9.1
ibm:algo_risk_applicationibm algo risk applicationeq2.4.0.1
ibm:algo_risk_applicationibm algo risk applicationeq2.4.1
ibm:algo_risk_applicationibm algo risk applicationeq2.4.2
ibm:algo_risk_applicationibm algo risk applicationeq2.5.0
ibm:algo_risk_applicationibm algo risk applicationeq2.5.1
ibm:algo_risk_applicationibm algo risk applicationeq2.5.2
ibm:algo_risk_applicationibm algo risk applicationeq2.5.3
ibm:algo_risk_applicationibm algo risk applicationeq2.5.4
ibm:algo_risk_applicationibm algo risk applicationeq2.5.5

CPE	Name	Operator	Version
ibm:algo_one	ibm algo one	eq	4.9.1
ibm:algo_risk_application	ibm algo risk application	eq	2.4.0.1
ibm:algo_risk_application	ibm algo risk application	eq	2.4.1
ibm:algo_risk_application	ibm algo risk application	eq	2.4.2
ibm:algo_risk_application	ibm algo risk application	eq	2.5.0
ibm:algo_risk_application	ibm algo risk application	eq	2.5.1
ibm:algo_risk_application	ibm algo risk application	eq	2.5.2
ibm:algo_risk_application	ibm algo risk application	eq	2.5.3
ibm:algo_risk_application	ibm algo risk application	eq	2.5.4
ibm:algo_risk_application	ibm algo risk application	eq	2.5.5

Rows per page:

1-10 of 261

References

www-01.ibm.com/support/docview.wss?uid=swg21666093

www.securityfocus.com/bid/65929

exchange.xforce.ibmcloud.com/vulnerabilities/88535

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.8%

JSON

Related for CVE-2013-6304

cvelist1 nvd1 prion1 seebug1