Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7445B975C38C1E700FE8B4BCBE062A6F5254537F58DD8E50D4904197CF657D73
HistoryJun 15, 2018 - 6:59 a.m.

Security Bulletin: WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance client vulnerability (CVE-2013-6734)

2018-06-1506:59:29
www.ibm.com
7

EPSS

0.001

Percentile

45.4%

JSON

Summary

In certain configurations, a security vulnerability exists in WebSphere eXtreme Scale Client, the client that is used with WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance. WebSphere eXtreme Scale Client might allow cached HTTP session data of one user to be accessed by a different user when both users access the same web container.

Vulnerability Details

CVEID:CVE-2013-6734

DESCRIPTION:

In certain configurations, a security vulnerability in the WebSphere eXtreme Scale Client might allow the cached HTTP session data of one user to be accessed by a different user when both users access the same web container.

_CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: _(AV:N/AC:M/Au:S/C:P/I:N/A:N)

ACKNOWLEDGEMENT

None.

_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _

_Note: _According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Affected Products and Versions

WebSphere eXtreme Scale V7.1.0
WebSphere eXtreme Scale V7.1.1
WebSphere eXtreme Scale V8.5.0
WebSphere eXtreme Scale V8.6.0
WebSphere DataPower XC10 Appliance V2.1
WebSphere DataPower XC10 Appliance V2.5

Remediation/Fixes

Product

| VRMF| APARS|

Link to Interim Fix or Fix Pack
—|—|—|—
WebSphere DataPower XC10 Appliance for appliance 7199-92X| Version 2.5.0.3| None| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=All&platform=All&function=fixId&fixids=2.5.0-WS-DPXC10-7199-FP0000003&includeSupersedes=0
WebSphere DataPower XC10 Virtual Image| Version 2.5.0.3| None| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=All&platform=All&function=fixId&fixids=2.5.0-WS-DPXC10-VIRT-FP0000003&includeSupersedes=0
WebSphere DataPower XC10 Appliance for appliance 7199-92X| Version 2.5.0| PI06341| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0.4-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere DataPower XC10 Virtual Image| Version 2.5.0| PI06341| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0.4-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere DataPower XC10 Appliance for appliance 9235-92X| Version 2.1.0| PI06341| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=7.1.1.1-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere DataPower XC10 Appliance for appliance 7199-92X| Version 2.1.0| PI06341| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=7.1.1.1-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere eXtreme Scale | Version 7.1.0.3| PI09901| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=7.1.0.3-WS-WXS-IFPI09901&includeSupersedes=0
WebSphere eXtreme Scale | Version 7.1.1.1 | PI06341| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=7.1.1.1-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere eXtreme Scale | Version 8.5.0.3 | PI06341| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.5.0.3-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere eXtreme Scale | Version 8.6.0.4| PI06341 | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0.4-WS-WXS-IFPI06341&includeSupersedes=0
WebSphere eXtreme Scale | Version 8.6.0.5| None| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0-WS-WXS-FP0000005&includeSupersedes=0

Workarounds and Mitigations

None

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2013-6734
2014-02-22 21:55:09
prion
prion
Information disclosure
2014-02-22 21:55:00
cvelist
cvelist
CVE-2013-6734
2014-02-22 21:00:00
cve
cve
CVE-2013-6734
2014-02-22 21:55:09

EPSS

0.001

Percentile

45.4%

JSON
Related for 7445B975C38C1E700FE8B4BCBE062A6F5254537F58DD8E50D4904197CF657D73
nvd1prion1cvelist1cve1