| Vulnerability Name: | CVE-2013-6331 (CCN-89022) | ||||||||
| Assigned: | 2013-10-31 | ||||||||
| Published: | 2014-02-28 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302. | ||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-6331 Source: CCN Type: IBM Security Bulletin 1666110 Security Bulletin: IBM Algo One Security Vulnerabilities in MetaData Management Tools (addressed in UDS) and ACSWeb (addressed in Algo Security Access Control Manager/AlgoWebApps) Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21666110 Source: CCN Type: BID-65939 IBM Algo One CVE-2013-6331 Unspecified SQL Injection Vulnerabilitiy Source: XF Type: UNKNOWN ibm-algo-cve20136331-sql-injection(89022) Source: XF Type: UNKNOWN ibm-algo-one-cve20136331-sqli(89022) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||