Vulnerability CVE-2013-5400


Published: 2014-02-14

Description:
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Platform symphony 

 References:
http://xforce.iss.net/xforce/xfdb/87296
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564

Copyright 2024, cxsecurity.com

 

Back to Top