Vulnerability Description
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Sterling Multi-Channel Fulfillment Solution | 8.0 |
| Ibm | Sterling Selling And Fulfillment Foundation | 8.5 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829
- http://www-01.ibm.com/support/docview.wss?uid=swg21636034Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83330
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829
- http://www-01.ibm.com/support/docview.wss?uid=swg21636034Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83330
FAQ
What is CVE-2013-0578?
CVE-2013-0578 is a vulnerability with a CVSS score of 3.5 (LOW). The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 befor...
How severe is CVE-2013-0578?
CVE-2013-0578 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0578?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Sterling Multi-Channel Fulfillment Solution, Ibm Sterling Selling And Fulfillment Foundation.