Details of VAR-201305-0244

ID

VAR-201305-0244

CVE

CVE-2013-0600

TITLE

IBM WebSphere DataPower XC10 Vulnerabilities that prevent authentication on appliance devices

Trust: 0.8

sources: JVNDB: JVNDB-2013-002602

DESCRIPTION

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. The impact of this issue is currently unknown. We will update this BID when more information emerges. IBM WebSphere DataPower XC10 Appliance 2.0 and 2.1 are vulnerable; other versions may also be affected. IBM WebSphere DataPower XC10 is a high-speed cache platform of IBM Corporation in the United States. The platform enables distributed caching of data with little to no change to existing applications

Trust: 1.98

sources: NVD: CVE-2013-0600 // JVNDB: JVNDB-2013-002602 // BID: 59711 // VULHUB: VHN-60602

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.3	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.3	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.2	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.2	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	eq	version:	2.0	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	eq	version:	2.1 to 2.1 fp3	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 59711 // JVNDB: JVNDB-2013-002602 // CNNVD: CNNVD-201305-160 // NVD: CVE-2013-0600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0600
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-0600
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201305-160
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-60602
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-0600
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-60602
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-60602 // JVNDB: JVNDB-2013-002602 // CNNVD: CNNVD-201305-160 // NVD: CVE-2013-0600

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-0600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-160

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201305-160

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002602

PATCH

title:	1636324	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21636324	Trust: 0.8
title:	XC10-2.1.0.3-IC91726-9235	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45936	Trust: 0.6

sources: JVNDB: JVNDB-2013-002602 // CNNVD: CNNVD-201305-160

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0600	Trust: 2.8
db:	BID	id:	59711	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002602	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-160	Trust: 0.7
db:	AIXAPAR	id:	IC91726	Trust: 0.6
db:	SECUNIA	id:	53341	Trust: 0.6
db:	VULHUB	id:	VHN-60602	Trust: 0.1

sources: VULHUB: VHN-60602 // BID: 59711 // JVNDB: JVNDB-2013-002602 // CNNVD: CNNVD-201305-160 // NVD: CVE-2013-0600

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21636324	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic91726	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0600	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0600	Trust: 0.8
url:	http://secunia.com/advisories/53341	Trust: 0.6
url:	http://www.securityfocus.com/bid/59711	Trust: 0.6
url:	http://www-03.ibm.com/software/products/us/en/datapower-xc10	Trust: 0.3

sources: VULHUB: VHN-60602 // BID: 59711 // JVNDB: JVNDB-2013-002602 // CNNVD: CNNVD-201305-160 // NVD: CVE-2013-0600

CREDITS

IBM

Trust: 0.9

sources: BID: 59711 // CNNVD: CNNVD-201305-160

SOURCES

db:	VULHUB	id:	VHN-60602
db:	BID	id:	59711
db:	JVNDB	id:	JVNDB-2013-002602
db:	CNNVD	id:	CNNVD-201305-160
db:	NVD	id:	CVE-2013-0600

LAST UPDATE DATE

2025-04-11T23:16:37.961000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-60602	date:	2013-05-09T00:00:00
db:	BID	id:	59711	date:	2013-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-002602	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-160	date:	2013-05-10T00:00:00
db:	NVD	id:	CVE-2013-0600	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-60602	date:	2013-05-09T00:00:00
db:	BID	id:	59711	date:	2013-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-002602	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-160	date:	2013-05-09T00:00:00
db:	NVD	id:	CVE-2013-0600	date:	2013-05-09T12:31:18.077