Details of VAR-201309-0301

ID

VAR-201309-0301

CVE

CVE-2013-5403

TITLE

IBM WebSphere DataPower XC10 Vulnerability in an appliance that gains administrative access

Trust: 0.8

sources: JVNDB: JVNDB-2013-004349

DESCRIPTION

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain potentially sensitive information. This may aid in further attacks. IBM WebSphere DataPower XC10 Appliance 2.0, 2.1, and 2.5 are vulnerable. The platform enables distributed caching of data with little to no change to existing applications. A remote attacker could exploit this vulnerability to gain administrator privileges

Trust: 1.98

sources: NVD: CVE-2013-5403 // JVNDB: JVNDB-2013-004349 // BID: 62683 // VULHUB: VHN-65405

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.3	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.5.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.5.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.3	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.2	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.0.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.2	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	eq	version:	2.0 to 2.5.0.1	Trust: 0.8

sources: JVNDB: JVNDB-2013-004349 // CNNVD: CNNVD-201309-499 // NVD: CVE-2013-5403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5403
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5403
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201309-499
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-65405
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5403
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65405
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65405 // JVNDB: JVNDB-2013-004349 // CNNVD: CNNVD-201309-499 // NVD: CVE-2013-5403

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2013-004349 // NVD: CVE-2013-5403

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-499

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-499

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004349

PATCH

title:

1651098

url:

http://www-01.ibm.com/support/docview.wss?uid=swg21651098

Trust: 0.8

sources: JVNDB: JVNDB-2013-004349

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5403	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004349	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-499	Trust: 0.7
db:	XF	id:	87299	Trust: 0.6
db:	XF	id:	20135403	Trust: 0.6
db:	AIXAPAR	id:	IC96174	Trust: 0.6
db:	BID	id:	62683	Trust: 0.4
db:	VULHUB	id:	VHN-65405	Trust: 0.1

sources: VULHUB: VHN-65405 // BID: 62683 // JVNDB: JVNDB-2013-004349 // CNNVD: CNNVD-201309-499 // NVD: CVE-2013-5403

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic96174	Trust: 1.7
url:	http://www.ibm.com/support/docview.wss?uid=swg21651098	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87299	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5403	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5403	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/87299	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3

sources: VULHUB: VHN-65405 // BID: 62683 // JVNDB: JVNDB-2013-004349 // CNNVD: CNNVD-201309-499 // NVD: CVE-2013-5403

CREDITS

IBM

Trust: 0.3

sources: BID: 62683

SOURCES

db:	VULHUB	id:	VHN-65405
db:	BID	id:	62683
db:	JVNDB	id:	JVNDB-2013-004349
db:	CNNVD	id:	CNNVD-201309-499
db:	NVD	id:	CVE-2013-5403

LAST UPDATE DATE

2025-04-11T23:12:49.257000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65405	date:	2017-08-29T00:00:00
db:	BID	id:	62683	date:	2014-07-25T00:09:00
db:	JVNDB	id:	JVNDB-2013-004349	date:	2013-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201309-499	date:	2013-10-12T00:00:00
db:	NVD	id:	CVE-2013-5403	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65405	date:	2013-09-27T00:00:00
db:	BID	id:	62683	date:	2013-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2013-004349	date:	2013-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201309-499	date:	2013-09-29T00:00:00
db:	NVD	id:	CVE-2013-5403	date:	2013-09-27T20:55:04.327