CVE-2013-3993

CVSS 6.5 MEDIUM · EPSS 5.2% · ● KEV · CWE-22

In short

IBM InfoSphere BigInsights versions before 2.1.0.3 contain a vulnerability where authenticated users can bypass file and directory access controls through manipulated API parameters, potentially accessing sensitive data or executing untrusted code.

Technical detail

A CWE-22 path traversal vulnerability in IBM InfoSphere BigInsights prior to 2.1.0.3 allows authenticated users to bypass intended access restrictions via crafted parameters in unspecified API calls, enabling unauthorized file/directory access and potential code execution. The attack requires valid authentication credentials and knowledge of the vulnerable API endpoints.

Summary generated and translated by AI from the official description.
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
