CVE-2013-4024

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 56.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Data Studio WEB Console IBM DB2 Recovery Expert IBM Infosphere Optim Configuration Manager +1 more

Timeline

PublishedSep 25

Latest updateMay 17

Description

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDibm/infosphere_optim_configuration_manager2.0, 2.1+1

▶NVDibm/optim_performance_manager5.1.0

▶NVDibm/data_studio_web_console3.1.0

▶NVDibm/db2_recovery_expert2.0

🔴Vulnerability Details

GHSA

GHSA-c967-w47v-rp8h: IBM Data Studio Web Console 3↗2022-05-17

▶

CVEList

CVE-2013-4024: IBM Data Studio Web Console 3↗2013-09-25

▶