Vulnerability Description
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Data Studio Web Console | 3.1.0 |
| Ibm | Db2 Recovery Expert | 2.0 |
| Ibm | Infosphere Optim Configuration Manager | 2.0 |
| Ibm | Optim Performance Manager | 5.1.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21650504Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85931
- http://www-01.ibm.com/support/docview.wss?uid=swg21650504Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85931
FAQ
What is CVE-2013-4024?
CVE-2013-4024 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web ...
How severe is CVE-2013-4024?
CVE-2013-4024 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4024?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Data Studio Web Console, Ibm Db2 Recovery Expert, Ibm Infosphere Optim Configuration Manager, Ibm Optim Performance Manager.