⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: The impacted product is end-of-life and should be disconnected if still in use.. Due date: 2022-06-15.

CVE-2013-3993 — Path Traversal in IBM Infosphere Biginsights

CWE-22 — Path Traversal CWE-2645 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

21.0%

top 4.35%

CISA KEV

KEVRansomware

Added 2022-05-25

Due 2022-06-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

IBM Infosphere Biginsights

Timeline

PublishedJul 7

KEV addedMay 25

KEV dueJun 15

CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/infosphere_biginsights< 2.1.0.3

🔴Vulnerability Details

GHSA

GHSA-2qh2-hj3f-rhcf: IBM InfoSphere BigInsights before 2↗2022-05-17

▶

CVEList

CVE-2013-3993: IBM InfoSphere BigInsights before 2↗2014-07-07

▶

VulnCheck

IBM InfoSphere BigInsights Invalid Input Vulnerability↗2013

▶

📋Vendor Advisories

CISA

IBM InfoSphere BigInsights Invalid Input Vulnerability↗2022-05-25

▶