Vulnerabilities > CVE-2013-4022 - Credentials Management vulnerability in IBM products

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

ibm

CWE-255

NVD

Published: 2013-09-25

Updated: 2017-08-29

Summary

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Data Studio WEB Console 3.1.0 IBM DB2 Recovery Expert 2.0 IBM Infosphere Optim Configuration Manager 2.0 IBM Infosphere Optim Configuration Manager 2.1 IBM Optim Performance Manager 5.1.0	5

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www-01.ibm.com/support/docview.wss?uid=swg21650504
https://exchange.xforce.ibmcloud.com/vulnerabilities/85928