← Back

CVE-2013-0578

nvd nist
Published: May 10, 2013Modified: Apr 29, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:P/I:N/A:N
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.

Affected (65)

Ibm
2 products
Sterling Multi Channel Fulfillment Solution
Sterling Selling And Fulfillment Foundation
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Sterling Multi Channel Fulfillment Solution
Version 8.0
Ibm
Sterling Selling And Fulfillment Foundation
Version 8.5
Sterling Selling And Fulfillment Foundation
Version 9.0
Configuration B
17 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Sterling Selling And Fulfillment Foundation
Version 9.2.0.10
Sterling Selling And Fulfillment Foundation
Version 9.2.0.11
Sterling Selling And Fulfillment Foundation
Version 9.2.0.12
Sterling Selling And Fulfillment Foundation
Version 9.2.0.13
Sterling Selling And Fulfillment Foundation
Version 9.2.0.14
Sterling Selling And Fulfillment Foundation
Version 9.2.0.15
Sterling Selling And Fulfillment Foundation
Version 9.2.0.16
Sterling Selling And Fulfillment Foundation
Version 9.2.0.1
Sterling Selling And Fulfillment Foundation
Version 9.2.0.2
Sterling Selling And Fulfillment Foundation
Version 9.2.0.3
Sterling Selling And Fulfillment Foundation
Version 9.2.0.4
Sterling Selling And Fulfillment Foundation
Version 9.2.0.5
Sterling Selling And Fulfillment Foundation
Version 9.2.0.6
Sterling Selling And Fulfillment Foundation
Version 9.2.0.7
Sterling Selling And Fulfillment Foundation
Version 9.2.0.8
Sterling Selling And Fulfillment Foundation
Version 9.2.0.9
Sterling Selling And Fulfillment Foundation
Version 9.2.0
Configuration C
45 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Sterling Selling And Fulfillment Foundation
Version 9.1.0.10
Sterling Selling And Fulfillment Foundation
Version 9.1.0.11
Sterling Selling And Fulfillment Foundation
Version 9.1.0.12
Sterling Selling And Fulfillment Foundation
Version 9.1.0.13
Sterling Selling And Fulfillment Foundation
Version 9.1.0.14
Sterling Selling And Fulfillment Foundation
Version 9.1.0.15
Sterling Selling And Fulfillment Foundation
Version 9.1.0.16
Sterling Selling And Fulfillment Foundation
Version 9.1.0.17
Sterling Selling And Fulfillment Foundation
Version 9.1.0.18
Sterling Selling And Fulfillment Foundation
Version 9.1.0.19
Sterling Selling And Fulfillment Foundation
Version 9.1.0.1
Sterling Selling And Fulfillment Foundation
Version 9.1.0.20
Sterling Selling And Fulfillment Foundation
Version 9.1.0.21
Sterling Selling And Fulfillment Foundation
Version 9.1.0.22
Sterling Selling And Fulfillment Foundation
Version 9.1.0.23
Sterling Selling And Fulfillment Foundation
Version 9.1.0.24
Sterling Selling And Fulfillment Foundation
Version 9.1.0.25
Sterling Selling And Fulfillment Foundation
Version 9.1.0.26
Sterling Selling And Fulfillment Foundation
Version 9.1.0.27
Sterling Selling And Fulfillment Foundation
Version 9.1.0.28
Sterling Selling And Fulfillment Foundation
Version 9.1.0.29
Sterling Selling And Fulfillment Foundation
Version 9.1.0.2
Sterling Selling And Fulfillment Foundation
Version 9.1.0.30
Sterling Selling And Fulfillment Foundation
Version 9.1.0.31
Sterling Selling And Fulfillment Foundation
Version 9.1.0.32
Sterling Selling And Fulfillment Foundation
Version 9.1.0.33
Sterling Selling And Fulfillment Foundation
Version 9.1.0.34
Sterling Selling And Fulfillment Foundation
Version 9.1.0.35
Sterling Selling And Fulfillment Foundation
Version 9.1.0.36
Sterling Selling And Fulfillment Foundation
Version 9.1.0.37
Sterling Selling And Fulfillment Foundation
Version 9.1.0.38
Sterling Selling And Fulfillment Foundation
Version 9.1.0.39
Sterling Selling And Fulfillment Foundation
Version 9.1.0.3
Sterling Selling And Fulfillment Foundation
Version 9.1.0.40
Sterling Selling And Fulfillment Foundation
Version 9.1.0.41
Sterling Selling And Fulfillment Foundation
Version 9.1.0.42
Sterling Selling And Fulfillment Foundation
Version 9.1.0.43
Sterling Selling And Fulfillment Foundation
Version 9.1.0.44
Sterling Selling And Fulfillment Foundation
Version 9.1.0.4
Sterling Selling And Fulfillment Foundation
Version 9.1.0.5
Sterling Selling And Fulfillment Foundation
Version 9.1.0.6
Sterling Selling And Fulfillment Foundation
Version 9.1.0.7
Sterling Selling And Fulfillment Foundation
Version 9.1.0.8
Sterling Selling And Fulfillment Foundation
Version 9.1.0.9
Sterling Selling And Fulfillment Foundation
Version 9.1.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.