Vulnerability Name: CVE-2013-4022 (CCN-85928)
Assigned: 2013-09-23
Published: 2013-09-23
Updated: 2017-08-29
Summary: IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): Low; User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None
CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None
Vulnerability Type: CWE-255
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA
CVE-2013-4022
Source: CONFIRM Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21650504
Source: CCN Type: BID-62606
Multiple IBM Products CVE-2013-4022 Cookie Authentication Bypass Vulnerability
Source: XF Type: UNKNOWN
datastudio-cve20134022-info-disclosure(85928)
Source: CCN Type: IBM Security Bulletin 1650504
Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2013-4025, CVE-2013-4024, CVE-2013-4022)
Vulnerable Configuration:
Configuration 1:
cpe:/a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_optim_configuration_manager:2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:optim_performance_manager:5.1.0:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:ibm:infosphere_optim_performance_manager:5.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_optim_performance_manager:5.1.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_optim_performance_manager:5.1.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:*
ibm data studio web console 3.1.0
ibm db2 recovery expert 2.0
ibm infosphere optim configuration manager 2.0
ibm infosphere optim configuration manager 2.1
ibm optim performance manager 5.1.0
ibm infosphere optim performance manager 5.1.0
ibm infosphere optim performance manager 5.1.1.1
ibm infosphere optim performance manager 5.1.1.0
ibm data studio web console 3.1.0
ibm infosphere optim configuration manager 2.1
ibm db2 recovery expert 2.0