CVE-2013-0508

Published Jun 5, 2013

Last updated 4 months ago

CVSS info 7.6

Overview

Description: Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.6
Impact score: 10
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_netcool_application_service_monitors:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8E15B98-3D2D-4365-B929-71411BF11A4D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_netcool_application_service_monitors:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "502D60B1-EF0D-442C-B34F-7246D4BAB483"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_netcool_system_service_monitors:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D96588E-AAC0-4735-A773-162C65183645"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_netcool_system_service_monitors:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5850CD4D-2792-464F-952F-D08478D6C40D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References