CVE-2013-4024

Published: Sep 25, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.

Affected (5)

Products: Ibm: Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager, Optim Performance Manager

Ibm

4 products

Data Studio Web Console

Db2 Recovery Expert

Infosphere Optim Configuration Manager

Optim Performance Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Data Studio Web Console	Version 3.1.0
Ibm Db2 Recovery Expert	Version 2.0
Ibm Infosphere Optim Configuration Manager	Version 2.0
Ibm Infosphere Optim Configuration Manager	Version 2.1
Ibm Optim Performance Manager	Version 5.1.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21650504

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85931

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21650504

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85931

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.