Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD528ED13CE94BD3AD578805ECDB64D7EA5C3516CA150722E47C2A3935A1E1A2F
HistoryJan 31, 2019 - 1:25 a.m.

Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerability (CVE-2013-5423)

2019-01-3101:25:01
www.ibm.com
5

0.005 Low

EPSS

Percentile

75.3%

JSON

Summary

IBM Flex System Manager (FSM) is affected by a vulnerability that could allow for a user enumeration attack.

Vulnerability Details

Abstract

IBM Flex System Manager (FSM) is affected by a vulnerability that could allow for a user enumeration attack.

Content

Vulnerability Details:

CVE-ID: CVE-2013-5423 **
Description:** IBM Flex System Manager allows an unauthorized attacker to enumerate the list of user accounts. This information could be used to help gain unauthorized access to the FSM.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/87485&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected products and versions

From the FSM command line enter lsconfig -V to determine the level of FSM installed.

  • Flex System Manager 1.1.x.x
  • Flex System Manager 1.2.0.x
  • Flex System Manager 1.2.1.x
  • Flex System Manager 1.3.0.x
  • Flex System Manager 1.3.1.x

NON-AFFECTED PRODUCTS and VERSIONS

  • Flex System Manager 1.3.2.x

Remediation:

Product VRMF APAR Remediation
Flex System Manager 1.1.x.x IT00278 Upgrade to FSM 1.3.2.0, or open a PMR with support to request an APAR
Flex System Manager 1.2.0.x IT00278 fsmfix1.2.0.0_IT00278
Flex System Manager 1.2.1.x IT00278 fsmfix1.2.1.0_IT00278
Flex System Manager 1.3.0.x IT00278 fsmfix1.3.0.0_IT00278
Flex System Manager 1.3.1.x IT00278 fsmfix1.3.1.0_IT00278

Workaround(s) & Mitigation(s):

None known

References:

Related Information:
IBM Secure Engineering Web Portal

Acknowledgement
None

Change History
1 July 2014_: Original Copy Published_

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

nvd 1
prion 1
cvelist 1
cve 1
ibm 1
nvd
nvd
CVE-2013-5423
2014-07-07 11:01:28
prion
prion
Code injection
2014-07-07 11:01:00
cvelist
cvelist
CVE-2013-5423
2014-07-07 10:00:00
cve
cve
CVE-2013-5423
2014-07-07 11:01:28
ibm
ibm
Security Bulletin: IBM Systems Director (ISD) is affected by vulnerability in the Console Login Window (CVE-2013-5423)
2019-01-31 01:30:01

0.005 Low

EPSS

Percentile

75.3%

JSON
Related for D528ED13CE94BD3AD578805ECDB64D7EA5C3516CA150722E47C2A3935A1E1A2F
nvd1prion1cvelist1cve1ibm1