CVE-2013-3040 — Sensitive Information Exposure in IBM Infosphere Information Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 51.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedAug 16

Latest updateMay 17

Description

IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/infosphere_information_server8 versions+7

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3wc-cq8w-x9q6: IBM InfoSphere Information Server through 8↗2022-05-17

▶

CVEList

CVE-2013-3040: IBM InfoSphere Information Server through 8↗2013-08-16

▶