CVE-2013-5433

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21680575	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87639

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.1:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.2:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.3:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:9.1:::::::*

History

No history.

Information

Published : 2014-08-12 00:55

Updated : 2017-08-29 01:33

NVD link : CVE-2013-5433

Mitre link : CVE-2013-5433

CVE.ORG link : CVE-2013-5433

JSON object : View

Products Affected

ibm

infosphere_optim_data_growth_solution_for_siebel_crm

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-5433", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-12T00:55:03.297", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680575", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87639", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document."}, {"lang": "es", "value": "Data Growth Solution para JD Edwards EnterpriseOne en IBM InfoSphere Optim 3.0 hasta 9.1 tiene las credenciales de la base de datos embebidas, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un campo no especificado en un documento XML."}], "lastModified": "2017-08-29T01:33:47.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFBB2FA6-F2C5-43F4-8B0F-9F0A055BA807"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9677576-A5F4-45BE-BF58-13AEB60F941B"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD4F27CC-9AFB-440A-9AD8-D82D78ECCC43"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BF829BC-3E2E-405F-838D-51EFD241A189"}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4529CE9F-1B36-4EC3-A8E4-94663ED2F4F5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}