CVE-2013-5433 - OpenCVE

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Infosphere Optim Data Growth Solution For Siebel Crm

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.1:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.2:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.3:::::::*
	cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:9.1:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21680575	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87639

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2014-08-12T00:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2013-08-22T00:00:00

Link: CVE-2013-5433

JSON object: View

NVD Information

Status : Modified

Published: 2014-08-12T00:55:03.297

Modified: 2017-08-29T01:33:47.107

Link: CVE-2013-5433

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-optim-cve20135433-info-disc(87639)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87639"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680575"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5433", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-optim-cve20135433-info-disc(87639)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87639"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680575", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680575"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5433", "datePublished": "2014-08-12T00:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFBB2FA6-F2C5-43F4-8B0F-9F0A055BA807", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9677576-A5F4-45BE-BF58-13AEB60F941B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD4F27CC-9AFB-440A-9AD8-D82D78ECCC43", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8BF829BC-3E2E-405F-838D-51EFD241A189", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_optim_data_growth_solution_for_siebel_crm:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "4529CE9F-1B36-4EC3-A8E4-94663ED2F4F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document."}, {"lang": "es", "value": "Data Growth Solution para JD Edwards EnterpriseOne en IBM InfoSphere Optim 3.0 hasta 9.1 tiene las credenciales de la base de datos embebidas, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un campo no especificado en un documento XML."}], "id": "CVE-2013-5433", "lastModified": "2017-08-29T01:33:47.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-12T00:55:03.297", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680575"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87639"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}