Vulnerability Name: CVE-2013-0467 (CCN-81102)
Assigned: 2012-12-16
Published: 2013-02-15
Updated: 2017-08-29
Summary: IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL.

CVSS v3 Severity: 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None

CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
                  3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None

                  4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
                  3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None

Vulnerability Type: CWE-264
Vulnerability Consequences: Obtain Information

References:
  Source: MITRE  Type: CNA
    CVE-2013-0467
  Source: CCN  Type: SA52175
    IBM Data Studio Help System Multiple Vulnerabilities
  Source: CCN  Type: SA52489
    IBM DB2 Information Center IEHS Multiple Vulnerabilities
  Source: CCN  Type: SA53653
    IBM SPSS Data Collection Eclipse Help System Weakness and Vulnerability
  Source: CCN  Type: SA53764
    IBM InfoSphere Identity Insight Eclipse Help System Information Disclosure Weakness
  Source: CCN  Type: SA53776
    IBM Integrated Information Core Eclipse Help System Weakness and Vulnerability
  Source: CCN  Type: SA54177
    IBM Content Manager Enterprise Edition Eclipse Help System Multiple Vulnerabilities
  Source: CCN  Type: IBM Security Bulletin 1612193
    Open Redirect and Cross-Site Scripting Vulnerabilities in the locally installable IBM DB2 Information Center (CVE-2012-2159, CVE-2012-2161, CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1625573
    Open redirect and cross-site scripting vulnerabilities in the IBM Data Studio help system (CVE-2012-2159, CVE-2012-2161, CVE-2013-0467)
  Source: CONFIRM  Type: Vendor Advisory
    http://www-01.ibm.com/support/docview.wss?uid=swg21625573
  Source: CCN  Type: IBM Security Bulletin 1631825
    IBM InfoSphere Information Server Suite: Source disclosure in InfoSphere information Servers Help System (CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1637954
    Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1639856
    Vulnerabilities in IBM Rational Insights Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)
  Source: CCN  Type: IBM Security Bulletin 1640230
    Source disclosure in IBM InfoSphere Identity Insights Help System (CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1640616
    IBM OmniFind Enterprise Edition and IBM Content Analytics (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1640654
    Vulnerability in IBM Rational ClearQuest Help System (CVE-2013-0467 & CVE-2013-0599)
  Source: CCN  Type: IBM Security Bulletin 1649664
    IBM Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (IEHS) (CVE-2013-0464 and CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1649711
    Vulnerabilities in IBM Rational Synergy's Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)
  Source: CCN  Type: IBM Security Bulletin 1651414
    Multiple security vulnerabilities in IEHS
  Source: CCN  Type: IBM Security Bulletin 1651947
    Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1662870
    Multiple security vulnerabilities exist in WebSphere Transformation Extender (CVE-2013-5802 CVE-2013-4002 CVE-2013-5825 CVE-2013-5372 CVE-2013-0599 CVE-2013-0464 CVE-2013-0467 CVE-2013-2962 CVE-2013-2415)
  Source: CCN  Type: IBM Security Bulletin 1647392
    IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS) (CVE-2013-0467)
  Source: CCN  Type: IBM Security Bulletin 1670753
    Fix available for security vulnerabilities related to IEHS in IBM WebSphere Portal (multiple CVEs)
  Source: CCN  Type: IBM Security Bulletin 1681229
    Fix available for security vulnerabilities related to IEHS in IBM Sametime Meetings and Proxy version 9 (multiple CVEs)
  Source: CCN  Type: IBM Security Bulletin 4035098
    IBM Integrated Information Core 1.5.0.1 interim fix for APAR JR46837
  Source: CCN  Type: BID-58000
    IBM Eclipse Help System CVE-2013-0467 Information Disclosure Vulnerability
  Source: XF  Type: UNKNOWN
    iehs-cve20130467-source-disclosure(81102)
  Source: XF  Type: UNKNOWN
    iehs-source-disclosure(81102)

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:ibm:data_studio:3.1.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:data_studio:3.1.1:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:eclipse_help_system:3.4.3:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*
    AND
    cpe:/a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:infosphere_information_server:8.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:* OR
    cpe:/a:ibm:data_studio:3.1.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:data_studio:3.1.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:spss_data_collection:7.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.0.4::file_transfer:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:* OR
    cpe:/a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:tivoli_asset_discovery_for_distributed:7.5:*:*:*:*:*:*:* OR
    cpe:/a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*

ibm data studio 3.1.0
ibm data studio 3.1.1
ibm websphere mq 7.0
ibm websphere mq 7.0.0.1
ibm websphere mq 7.0.0.2
ibm websphere mq 7.0.1.1
ibm websphere mq 7.0.1.2
ibm websphere mq 7.0.1.3
ibm websphere mq 7.0.1.4
ibm websphere mq 7.1
ibm websphere mq 7.5
ibm eclipse help system 3.4.3
ibm websphere mq 7.5.0.1
ibm websphere mq 7.1.0.1
ibm websphere mq 7.1.0.2
ibm infosphere information server 8.1
ibm rational clearquest 7.1
ibm websphere portal 7.0
ibm infosphere information server 8.5
ibm infosphere information server 8.0
ibm spss data collection 6.0
ibm rational clearquest 8.0
ibm websphere portal 8.0
ibm spss data collection 6.0.1
ibm infosphere information server 8.7
ibm data studio 3.1.0
ibm data studio 3.1.1
ibm spss data collection 7.0
ibm rational insight 1.1.1.5
ibm rational insight 1.1.1.5
ibm websphere mq 7.0.1
ibm websphere mq 7.0.1.5
ibm websphere mq 7.0.1.6
ibm websphere mq 7.0.1.8
ibm websphere mq 7.0.1.7
ibm websphere mq 7.0.1.9
ibm websphere mq 7.0.1.10
ibm websphere mq 7.0.4
ibm websphere mq 7.5.0.2
ibm websphere mq 7.1.0.3
ibm license metric tool 7.5
ibm tivoli asset discovery for distributed 7.5
ibm sametime 9.0.0.0
ibm sametime 9.0.0.1
ibm websphere portal 6.1