CVE-2013-4056
Published Oct 13, 2013
Last updated 7 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C940220-98F4-41FC-93BE-6D33D4AE9447"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71FEBA37-59D9-4BE0-8072-3BB60832BDB5"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A8C1149-EA1D-42AA-8478-56F5A63B1D5C"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E464E9EC-FECD-4243-B2CF-87E54D09875E"
}
],
"operator": "OR"
}
]
}
]