Vulnerability Description
IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Platform Symphony | 5.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/102262
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88536
- http://osvdb.org/102262
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88536
FAQ
What is CVE-2013-6305?
CVE-2013-6305 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-depe...
How severe is CVE-2013-6305?
CVE-2013-6305 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6305?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Platform Symphony.