Vulnerabilities > CVE-2013-5446 - Security vulnerability in IBM products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 | |
| OS | 2 |
Seebug
| bulletinFamily | exploit |
| description | CVE(CAN) ID: CVE-2013-5428,CVE-2013-5446 XC10设备是WebSphere DataPower硬件平台和IBM分布式缓存技术的结合。 IBM WebSphere DataPower XC10 2.5、2.1存在安全漏洞,可使未经身份验证的攻击者访问某些管理员操作,造成拒绝服务;并且在处理Web注销时也存在错误。 0 IBM WebSphere DataPower XC10 2.5 IBM WebSphere DataPower XC10 2.1 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ibm.com/support/fixcentral/ http://www-01.ibm.com/support/docview.wss?uid=swg21653546 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=All&platform=All&function=fixId&fixids=2.5.0-WS-DPXC10-7199-FP0000002&includeSupersedes=0 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=All&platform=All&function=fixId&fixids=2.5.0-WS-DPXC10-VIRT-FP0000002&includeSupersedes=0 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=All&platform=All&function=fixId&fixids=2.1.0.3-WS-DPXC10-9235-IC96617-IC93164&includeSupersedes=0 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=All&platform=All&function=fixId&fixids=2.1.0.3-WS-DPXC10-7199-IC96617-IC93164&includeSupersedes=0 |
| id | SSV:61066 |
| last seen | 2017-11-19 |
| modified | 2013-10-25 |
| published | 2013-10-25 |
| reporter | Root |
| title | IBM WebSphere DataPower XC10 Administrative Access及Web Logoff漏洞 |