fkie_nvd - fkie_cve-2013-3997

fkie_cve-2013-3997

Vulnerability from fkie_nvd

Published

2014-03-26 10:55

Modified

2024-11-21 01:54

Severity ?

Summary

Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21667812	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/66360
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84986
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21667812	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66360
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84986

Impacted products

Vendor	Product	Version
ibm	infosphere_biginsights	1.1.0.0
ibm	infosphere_biginsights	1.1.0.1
ibm	infosphere_biginsights	1.1.0.2
ibm	infosphere_biginsights	1.2.0.0
ibm	infosphere_biginsights	1.3.0.0
ibm	infosphere_biginsights	1.3.0.1
ibm	infosphere_biginsights	1.4.0.0
ibm	infosphere_biginsights	2.0.0.0
ibm	infosphere_biginsights	2.1.0.0
ibm	infosphere_biginsights	2.1.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBE42CA-7360-4EFB-96A1-69AA501F39A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC89107-6C8B-4CBE-8447-D5CC671BA01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9286209C-B3B3-4B07-B074-1C5C4B241F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F9BC39-CF55-456C-B463-DCA20EE8051B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0338ED25-41EC-4DFE-8003-9AD71928A582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "994A78F4-61AD-4357-95B2-C7FF84DDA7FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:1.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B8A624-8424-426B-A476-8CE25E5152A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66538E2-8A08-440E-8660-4279144068FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "641A375A-E554-49C1-A47D-CA4E1DDB7EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6C5863-F678-48C0-AF97-8C8AB4F9F77E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en la consola web de Application Enterprise en IBM InfoSphere BigInsights 1.1 y 2.x anterior a 2.1 FP2 permite a usuarios remotos autenticados redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667812\n\n\"Affected Products and Versions\n\nIBM InfoSphere BigInsights versions 1.1 through 2.1\"",
  "id": "CVE-2013-3997",
  "lastModified": "2024-11-21T01:54:41.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-26T10:55:05.147",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667812"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/66360"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84986"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-3997

Vulnerability from cvelistv5

Published

2014-03-26 10:00

Modified

2024-08-06 16:30