CVE-2013-4024

2013-09-2510:31:29

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.6%

JSON

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.

Affected configurations

Nvd

Node

ibmdata_studio_web_consoleMatch3.1.0

ibmdb2_recovery_expertMatch2.0

ibminfosphere_optim_configuration_managerMatch2.0

ibminfosphere_optim_configuration_managerMatch2.1

ibmoptim_performance_managerMatch5.1.0

VendorProductVersionCPE
ibmdata_studio_web_console3.1.0cpe:2.3:a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:*
ibmdb2_recovery_expert2.0cpe:2.3:a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:*
ibminfosphere_optim_configuration_manager2.0cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.0:*:*:*:*:*:*:*
ibminfosphere_optim_configuration_manager2.1cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:*
ibmoptim_performance_manager5.1.0cpe:2.3:a:ibm:optim_performance_manager:5.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	data_studio_web_console	3.1.0	cpe:2.3:a:ibm:data_studio_web_console:3.1.0:::::::*
ibm	db2_recovery_expert	2.0	cpe:2.3:a:ibm:db2_recovery_expert:2.0:::::::*
ibm	infosphere_optim_configuration_manager	2.0	cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.0:::::::*
ibm	infosphere_optim_configuration_manager	2.1	cpe:2.3:a:ibm:infosphere_optim_configuration_manager:2.1:::::::*
ibm	optim_performance_manager	5.1.0	cpe:2.3:a:ibm:optim_performance_manager:5.1.0:::::::*