Vulnerability CVE-2013-4058 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4058 (CCN-86547)

Assigned:

2013-06-07

Published:

2014-03-10

Updated:

2017-08-29

Summary:

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.

CVSS v3 Severity:

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2013-4058

Source: CCN
Type: SA57312
IBM InfoSphere Information Server Multiple Vulnerabilities

Source: AIXAPAR
Type: UNKNOWN
JR48815

Source: AIXAPAR
Type: UNKNOWN
JR49200

Source: AIXAPAR
Type: UNKNOWN
JR49206

Source: CCN
Type: IBM Security Bulletin 1666684
Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059)

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21666684

Source: CCN
Type: IBM Security Bulletin 1670298
Multiple security vulnerabilities exist in IBM InfoSphere Data Click 10.0 (CVE-2013-3034 CVE-2013-3040 CVE-2013-0599 CVE-2013-4057 CVE-2013-4058 CVE-2013-4059 CVE-2013-4066 CVE-2013-4067)

Source: BID
Type: UNKNOWN
66155

Source: CCN
Type: BID-66155
IBM InfoSphere Information Server CVE-2013-4058 Unspecified SQL Injection Vulnerabilitiy

Source: XF
Type: UNKNOWN
ibm-infosphere-cve20134058-sql-injection(86547)

Source: XF
Type: UNKNOWN
ibm-infosphere-cve20134058-sqli(86547)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*

Denotes that component is vulnerable