CVE-2013-5430

The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21653287	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87562

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.6.0.1:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.6.0.2:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.7.0.0:-:enterprise:::::*
	cpe:2.3:a:ibm:security_appscan:8.7.0.1:-:enterprise:::::*

History

No history.

Information

Published : 2013-10-28 03:42

Updated : 2017-08-29 01:33

NVD link : CVE-2013-5430

Mitre link : CVE-2013-5430

CVE.ORG link : CVE-2013-5430

JSON object : View

Products Affected

ibm

security_appscan

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-5430", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-28T03:42:29.683", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653287", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87562", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details."}, {"lang": "es", "value": "El componente Jazz Team Server en IBM Security AppScan Enterprise 8.x anteriores a 8.8 tiene un nombre de usuario y contrase\u00f1a por defecto, lo cual permite a usuarios remotamente autenticados obtener acceso no especificado a este componente utilizando estas credenciales en un entorno con detalles de instalaci\u00f3n aplicables."}], "lastModified": "2017-08-29T01:33:46.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1B610D1-259B-4302-B53C-122B28DC9C3E"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "118823C5-6169-41E3-BD9D-707A11ABF6D0"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FABD7F3A-218B-4C5B-9C59-B70DF12B2636"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D2DFF5-9C7D-4DE6-BF50-6AF81384DF74"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13510F33-FB13-48FA-9D2C-82D633A3C49E"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5019192-0D6B-4BD3-9B51-F1B967F241DA"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8F320A3-9317-4FDA-B1FB-64B70393802D"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "757704EA-B054-4D1C-808F-4EFF34CDB4D9"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EE41CC5-24F1-44D3-A881-628B049C242C"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.6.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B20082-EA17-4BE9-AC60-1B8DA726C4A5"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.6.0.2:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03408A0D-F784-49CC-8EDC-ACA017AA2524"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FB10B62-C04C-4815-9E94-EE91A9F4980C"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.7.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ABD714-6E02-4BE8-A2E9-40AE753E8339"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}