Vulnerability Description
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Data Studio Web Console | 3.1.0 |
| Ibm | Db2 Recovery Expert | 2.0 |
| Ibm | Infosphere Optim Configuration Manager | 2.0 |
| Ibm | Optim Performance Manager | 5.1.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21650504Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85933
- http://www-01.ibm.com/support/docview.wss?uid=swg21650504Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85933
FAQ
What is CVE-2013-4025?
CVE-2013-4025 is a vulnerability with a CVSS score of 1.9 (LOW). IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete...
How severe is CVE-2013-4025?
CVE-2013-4025 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4025?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Data Studio Web Console, Ibm Db2 Recovery Expert, Ibm Infosphere Optim Configuration Manager, Ibm Optim Performance Manager.