Details of VAR-201310-0312

ID

VAR-201310-0312

CVE

CVE-2013-5446

TITLE

IBM WebSphere DataPower XC10 Vulnerability in console running on appliance

Trust: 0.8

sources: JVNDB: JVNDB-2013-004828

DESCRIPTION

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unspecified security vulnerability. Limited information is currently available regarding this issue. We will update this BID as more information emerges. IBM WebSphere DataPower XC10 Appliance 2.1.0 and 2.5.0 are vulnerable. The platform enables distributed caching of data with little to no change to existing applications. An unauthorized attacker could exploit this vulnerability to perform administrator actions

Trust: 1.98

sources: NVD: CVE-2013-5446 // JVNDB: JVNDB-2013-004828 // BID: 63250 // VULHUB: VHN-65448

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.0	Trust: 1.0
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.5.0.0	Trust: 1.0
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	eq	version:	2.1.0	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	eq	version:	2.5.0	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.5.0	Trust: 0.3

sources: BID: 63250 // JVNDB: JVNDB-2013-004828 // CNNVD: CNNVD-201310-507 // NVD: CVE-2013-5446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5446
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5446
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-507
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-65448
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5446
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65448
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65448 // JVNDB: JVNDB-2013-004828 // CNNVD: CNNVD-201310-507 // NVD: CVE-2013-5446

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-5446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-507

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201310-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004828

PATCH

title:

1653546

url:

http://www.ibm.com/support/docview.wss?uid=swg21653546

Trust: 0.8

sources: JVNDB: JVNDB-2013-004828

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5446	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004828	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-507	Trust: 0.7
db:	XF	id:	87910	Trust: 0.6
db:	XF	id:	10	Trust: 0.6
db:	AIXAPAR	id:	IC93164	Trust: 0.6
db:	AIXAPAR	id:	IC96617	Trust: 0.6
db:	BID	id:	63250	Trust: 0.4
db:	VULHUB	id:	VHN-65448	Trust: 0.1

sources: VULHUB: VHN-65448 // BID: 63250 // JVNDB: JVNDB-2013-004828 // CNNVD: CNNVD-201310-507 // NVD: CVE-2013-5446

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic93164	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic96617	Trust: 1.7
url:	http://www.ibm.com/support/docview.wss?uid=swg21653546	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87910	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5446	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5446	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/87910	Trust: 0.6
url:	http://www-01.ibm.com/software/webservers/appserv/xc10/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21653546	Trust: 0.3

sources: VULHUB: VHN-65448 // BID: 63250 // JVNDB: JVNDB-2013-004828 // CNNVD: CNNVD-201310-507 // NVD: CVE-2013-5446

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 63250

SOURCES

db:	VULHUB	id:	VHN-65448
db:	BID	id:	63250
db:	JVNDB	id:	JVNDB-2013-004828
db:	CNNVD	id:	CNNVD-201310-507
db:	NVD	id:	CVE-2013-5446

LAST UPDATE DATE

2025-04-11T22:51:33.864000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65448	date:	2017-08-29T00:00:00
db:	BID	id:	63250	date:	2013-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004828	date:	2013-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201310-507	date:	2013-10-23T00:00:00
db:	NVD	id:	CVE-2013-5446	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65448	date:	2013-10-22T00:00:00
db:	BID	id:	63250	date:	2013-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004828	date:	2013-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201310-507	date:	2013-10-23T00:00:00
db:	NVD	id:	CVE-2013-5446	date:	2013-10-22T11:17:15.297