Vulnerability Name: | CVE-2013-0520 (CCN-83433) | ||||||||
Assigned: | 2012-12-16 | ||||||||
Published: | 2013-05-03 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data. | ||||||||
CVSS v3 Severity: | 3.0 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
2.0 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-0520 Source: CCN Type: SA53333 IBM Sterling Secure Proxy Multiple Information Disclosure Vulnerabilities Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21636369 Source: CCN Type: IBM Security Bulletin 1636369 Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0518, CVE-2013-0519, CVE-2013-0520) Source: CCN Type: BID-59694 IBM Sterling Secure Proxy CVE-2013-0520 Information Disclosure Vulnerability Source: XF Type: UNKNOWN ssp-cve20130520-info-disclosure(83433) Source: XF Type: UNKNOWN ssp-cve20130520-info-disclosure(83433) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |