CVE-2013-3040 - Vulnerability Details - OpenCVE

IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Infosphere Information Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.3:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21646136
http://www.securityfocus.com/bid/61755
https://exchange.xforce.ibmcloud.com/vulnerabilities/84765

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-08-16T01:00:00

Updated: 2024-08-06T16:00:09.904Z

Reserved: 2013-04-12T00:00:00

Link: CVE-2013-3040

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-08-16T01:55:15.803

Modified: 2024-11-21T01:52:52.857

Link: CVE-2013-3040

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136"}, {"name": "61755", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61755"}, {"name": "infosphere-cve20133040-info-disclosure(84765)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3040", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136"}, {"name": "61755", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61755"}, {"name": "infosphere-cve20133040-info-disclosure(84765)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:00:09.904Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136"}, {"name": "61755", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61755"}, {"name": "infosphere-cve20133040-info-disclosure(84765)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3040", "datePublished": "2013-08-16T01:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T16:00:09.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "57FEAC62-FF71-4AFC-B907-C0AC5301FB35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C940220-98F4-41FC-93BE-6D33D4AE9447", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "71FEBA37-59D9-4BE0-8072-3BB60832BDB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack."}, {"lang": "es", "value": "IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y 9.1 produce mensajes de fallo de inicio de sesi\u00f3n e indica si el nombre de usuario o la contrase\u00f1a es incorrecta, lo que permite a atacantes remotos para enumerar las cuentas de usuario a trav\u00e9s de un ataque de fuerza bruta."}], "id": "CVE-2013-3040", "lastModified": "2024-11-21T01:52:52.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-16T01:55:15.803", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/61755"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}