Vulnerability Name: CVE-2013-4024 (CCN-85931) Assigned: 2013-09-23 Published: 2013-09-23 Updated: 2017-08-29 Summary: IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network. CVSS v3 Severity: 2.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
2.3 Low (CCN CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:P/A:N 1.7 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): MediumAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2013-4024 http://www-01.ibm.com/support/docview.wss?uid=swg21650504 IBM Multiple Product Web Console MitM Cookie Disclosure Multiple IBM Products CVE-2013-4024 Man In The Middle Information Disclosure Vulnerability datastudio-cve20134024-mitm(85931) datastudio-cve20134024-mitm(85931) Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2013-4025, CVE-2013-4024, CVE-2013-4022) Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_optim_configuration_manager:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:optim_performance_manager:5.1.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:infosphere_optim_performance_manager:5.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_optim_performance_manager:5.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_optim_performance_manager:5.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:data_studio_web_console:3.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_optim_configuration_manager:2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_recovery_expert:2.0:*:*:*:*:*:*:* BACK
ibm data studio web console 3.1.0
ibm db2 recovery expert 2.0
ibm infosphere optim configuration manager 2.0
ibm infosphere optim configuration manager 2.1
ibm optim performance manager 5.1.0
ibm infosphere optim performance manager 5.1.0
ibm infosphere optim performance manager 5.1.1.1
ibm infosphere optim performance manager 5.1.1.0
ibm data studio web console 3.1.0
ibm infosphere optim configuration manager 2.1
ibm db2 recovery expert 2.0
Denotes that component is vulnerable