CVE-2013-0578

Published May 10, 2013
Last updated 4 months ago
CVSS info 3.5
Overview

Description: The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.
Source: psirt@us.ibm.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-287
Hype score: Not currently trending
Evaluator

Comment: Per: http://www-01.ibm.com/support/docview.wss?uid=swg21636034 'AFFECTED PRODUCTS AND VERSIONS: IBM Sterling Selling and Fulfillment Foundation 9.2.0 IBM Sterling Selling and Fulfillment Foundation 9.1.0 IBM Sterling Selling and Fulfillment Foundation 9.0 IBM Sterling Selling and Fulfillment Foundation 8.5 IBM Sterling Multi-Channel Fulfillment Solution 8.0'
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:sterling_multi-channel_fulfillment_solution:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "019E1589-F72C-4024-9EF2-37B9CB54FDE6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F67E9BBD-95B4-46E5-A980-72BFDFDAF9B6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCAA2413-4055-4121-AEDE-E6F97428D351"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F5029B7-9CE0-44B2-A12D-6D51A04B1C4A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "398EC0D4-2273-4C5E-BD60-273E2EA10055"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2992C75-CC4B-40D2-A107-527A4BD3BEC2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86997623-ED4B-44CD-A74A-E31D136A395B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C81F34C2-FDDE-4DEB-B3B6-7B50299F68C7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E5B6C9C-2963-441D-844E-F1BBE103E6F6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7436A337-88FD-4F97-8957-D6CD5319CB96"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9732B9B2-378E-4142-942B-2E792B00F2F2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26F7A5AF-191F-47A3-8E62-D41B6E8F34FF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC359F7-6BDF-4427-AFDB-E36CC2A85CDE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6A235E8-9231-46DD-9699-99603A14762D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03D9A32B-A2D7-48CF-9F0B-FB745221A246"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "565B6588-323E-4633-8C6C-5ADF4AE47FF7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C349A3A-2883-4183-9D66-8A0D230E7C8A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D0BFD39-20EC-4454-960A-4D75064EC961"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB8BD4C9-DA50-4D0E-8809-071FEE60A999"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "928C51B7-0BB4-4C90-9353-9BB904F0EBAC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "843E8EC3-1965-48FE-8FB9-A6A08BDD4C67"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2CCDCDC-671C-44E3-AAE2-46FAE57205E5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11C7813E-424E-49F0-94C1-57740102591F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D6E17EC-1B43-45C6-964F-9276667EEBD6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFAB7A62-9828-451C-8B04-5B2D3A329552"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B278CD4-1710-419F-88EE-A48880D73B42"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC2D7CEB-7E93-4901-A400-5CD684A476E9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5817C2-0BBD-4F5B-8831-FC4B2C628C54"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CB3C56B-6436-43B2-9CB2-DCEC21B4734D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1160E6A-A2DC-4D06-922D-C6CAE3734DBD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50CC495B-1160-4E0F-9DBC-200F940DD1B4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F70D844-7980-4C4C-A3F6-5A8E338994E8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72A9F9FE-FA2C-49A0-A7F3-3956AC41B058"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B431899-524C-45B7-948C-2766072768F2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C77E75-AF19-4D62-89CD-975BB0CB0EE8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1140D4E1-9600-4131-AAD6-9DEAD1BF23FE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA025552-E704-4F46-8E62-3CFD628BD025"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE726D3E-E37C-4FE2-B5E6-E2AEE3C15E3E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D079F7C-0BD9-4FA3-85E2-D562E8E5C0A0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2441EA6F-98AA-4FEC-9247-6A8150CFE96E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "052BB05B-1573-4163-9987-8177179A6871"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8385A7D3-E272-4358-8245-28E0C187054C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F846E68-11F3-4877-8FC4-BD285789EAE8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEC23876-C1F0-486D-B2C6-DAB21B0DDD3B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE7A9C72-335D-4A36-A32C-A86C76FA0C23"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4235BFBA-2663-45AB-A0E1-D7FE5C161DAB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FC43B4B-D243-4A21-BA8D-6BEC2F20C231"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "014C49DF-790C-4D12-B2B4-D6732676F325"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6B7FCDE-16A4-4A0E-9349-F6D2D4B35FA5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E03FBE3-021E-4D25-8426-5DF89C1382CC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECD27C3E-1491-41CF-96E9-56A32479BEDF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AE36402-4154-4C6F-99C6-DF5E139AA791"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0991736-56A9-4623-AA28-A693449C92D0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC014E2-250E-418E-B763-34B14757B48F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72688E67-12CA-401D-976E-C66DC6D25A25"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B71F765-1019-4B63-8D31-A01D654A186E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CE187CA-97B0-49FA-986D-060F82E9BFA3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7068096-9BC1-48C6-B2E6-DD5084A1DF67"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44430DAC-857A-43B9-9DBE-58AC3D3F67D6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DDFD7AE-8FAD-4E43-9CE3-E206D9005779"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05F32344-6B36-44D6-92B1-D2A130F5A4B5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6652468E-AFF7-4F53-A2FF-6FB5729CDCA3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "406606D2-A04B-470C-B147-78F86F6A7823"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14F3941F-238E-420B-9670-4F9EB47D3A46"
          },
          {
            "criteria": "cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.44:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D8AA80-B451-45E9-9FD3-E241777354D7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References
