CVE-2013-4025

CWE-2643 documents3 sources

Severity

1.9LOW

EPSS

0.1%

top 76.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Data Studio WEB Console IBM DB2 Recovery Expert IBM Infosphere Optim Configuration Manager +1 more

Timeline

PublishedSep 25

Latest updateMay 17

Description

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶NVDibm/infosphere_optim_configuration_manager2.0, 2.1+1

▶NVDibm/optim_performance_manager5.1.0

▶NVDibm/data_studio_web_console3.1.0

▶NVDibm/db2_recovery_expert2.0

🔴Vulnerability Details

GHSA

GHSA-r5cm-rxgc-r6wf: IBM Data Studio Web Console 3↗2022-05-17

▶

CVEList

CVE-2013-4025: IBM Data Studio Web Console 3↗2013-09-25

▶