Sign-up

ID

VAR-201410-1051


CVE

CVE-2014-3059


TITLE

IBM WebSphere DataPower XC10 Vulnerabilities that can gain administrator privileges in the appliance management console

Trust: 0.8

sources: JVNDB: JVNDB-2014-004503

DESCRIPTION

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications

Trust: 1.98

sources: NVD: CVE-2014-3059 // JVNDB: JVNDB-2014-004503 // BID: 70269 // VULHUB: VHN-70998

AFFECTED PRODUCTS

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.0

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion: -

Trust: 1.0

vendor:ibmmodel:websphere datapower xc10 the appliancescope:eqversion:2.5.0

Trust: 0.8

vendor:ibmmodel:websphere datapower xc10 the appliancescope: - version: -

Trust: 0.8

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5

Trust: 0.3

sources: BID: 70269 // JVNDB: JVNDB-2014-004503 // CNNVD: CNNVD-201410-005 // NVD: CVE-2014-3059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3059
value: HIGH

Trust: 1.0

NVD: CVE-2014-3059
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201410-005
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70998
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3059
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70998
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70998 // JVNDB: JVNDB-2014-004503 // CNNVD: CNNVD-201410-005 // NVD: CVE-2014-3059

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-3059

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-005

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201410-005

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004503

PATCH
title:IT03476url:http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476
Trust: 0.8
title:1685705url:http://www-01.ibm.com/support/docview.wss?uid=swg21685705
Trust: 0.8
title:2.5.0-WS-DPXC10-7199-FP0000004url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54165
Trust: 0.6
title:2.5.0-WS-DPXC10-7199-VSL-3.2.6-FP0000004url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54164
Trust: 0.6
title:2.5.0.4-WS-DPXC10-VIRTurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54166
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-004503 // 
            
            
            
            CNNVD: CNNVD-201410-005

EXTERNAL IDS
db:NVDid:CVE-2014-3059
Trust: 2.8
db:JVNDBid:JVNDB-2014-004503
Trust: 0.8
db:CNNVDid:CNNVD-201410-005
Trust: 0.7
db:XFid:93533
Trust: 0.6
db:BIDid:70269
Trust: 0.4
db:VULHUBid:VHN-70998
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70998 // 
            
            
            
            BID: 70269 // 
            
            
            
            JVNDB: JVNDB-2014-004503 // 
            
            
            
            CNNVD: CNNVD-201410-005 // 
            
            
            
            NVD: CVE-2014-3059

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg1it03476
Trust: 1.7
url:http://www-01.ibm.com/support/docview.wss?uid=swg21685705
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/93533
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3059
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3059
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/93533
Trust: 0.6
url:http://www.ibm.com/
Trust: 0.3
url:http://www-03.ibm.com/software/products/en/datapower-xc10
Trust: 0.3
url:https://www-304.ibm.com/support/docview.wss?uid=swg21685705
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70998 // 
            
            
            
            BID: 70269 // 
            
            
            
            JVNDB: JVNDB-2014-004503 // 
            
            
            
            CNNVD: CNNVD-201410-005 // 
            
            
            
            NVD: CVE-2014-3059

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 70269

SOURCES
db:VULHUBid:VHN-70998
db:BIDid:70269
db:JVNDBid:JVNDB-2014-004503
db:CNNVDid:CNNVD-201410-005
db:NVDid:CVE-2014-3059

LAST UPDATE DATE
2025-04-13T23:42:06.286000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70998date:2017-08-29T00:00:00
db:BIDid:70269date:2014-09-30T00:00:00
db:JVNDBid:JVNDB-2014-004503date:2014-10-03T00:00:00
db:CNNVDid:CNNVD-201410-005date:2014-10-11T00:00:00
db:NVDid:CVE-2014-3059date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-70998date:2014-10-02T00:00:00
db:BIDid:70269date:2014-09-30T00:00:00
db:JVNDBid:JVNDB-2014-004503date:2014-10-03T00:00:00
db:CNNVDid:CNNVD-201410-005date:2014-10-11T00:00:00
db:NVDid:CVE-2014-3059date:2014-10-02T00:55:03.593