Details of VAR-201307-0064

ID

VAR-201307-0064

CVE

CVE-2013-2984

TITLE

IBM Sterling B2B Integrator and Sterling File Gateway Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2013-003206

DESCRIPTION

Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. An authorized remote attacker could exploit this vulnerability to read or modify restricted files

Trust: 1.98

sources: NVD: CVE-2013-2984 // JVNDB: JVNDB-2013-003206 // BID: 60992 // VULHUB: VHN-62986

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.7
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 2.7

sources: BID: 60992 // JVNDB: JVNDB-2013-003206 // CNNVD: CNNVD-201307-060 // NVD: CVE-2013-2984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2984
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2984
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-060
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-62986
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-2984
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-62986
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-62986 // JVNDB: JVNDB-2013-003206 // CNNVD: CNNVD-201307-060 // NVD: CVE-2013-2984

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-62986 // JVNDB: JVNDB-2013-003206 // NVD: CVE-2013-2984

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-060

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201307-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003206

PATCH

title:	IC91046	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IC91046	Trust: 0.8
title:	1640830	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 0.8
title:	si_52_build_5020401_hotfix_3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46369	Trust: 0.6

sources: JVNDB: JVNDB-2013-003206 // CNNVD: CNNVD-201307-060

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2984	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-003206	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-060	Trust: 0.7
db:	AIXAPAR	id:	IC91046	Trust: 0.6
db:	XF	id:	2	Trust: 0.6
db:	XF	id:	84006	Trust: 0.6
db:	BID	id:	60992	Trust: 0.4
db:	VULHUB	id:	VHN-62986	Trust: 0.1

sources: VULHUB: VHN-62986 // BID: 60992 // JVNDB: JVNDB-2013-003206 // CNNVD: CNNVD-201307-060 // NVD: CVE-2013-2984

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic91046	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/84006	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2984	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2984	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/84006	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3

sources: VULHUB: VHN-62986 // BID: 60992 // JVNDB: JVNDB-2013-003206 // CNNVD: CNNVD-201307-060 // NVD: CVE-2013-2984

CREDITS

IBM

Trust: 0.3

sources: BID: 60992

SOURCES

db:	VULHUB	id:	VHN-62986
db:	BID	id:	60992
db:	JVNDB	id:	JVNDB-2013-003206
db:	CNNVD	id:	CNNVD-201307-060
db:	NVD	id:	CVE-2013-2984

LAST UPDATE DATE

2024-08-14T12:52:09.777000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-62986	date:	2017-08-29T00:00:00
db:	BID	id:	60992	date:	2013-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-003206	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201307-060	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-2984	date:	2017-08-29T01:33:18.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-62986	date:	2013-07-03T00:00:00
db:	BID	id:	60992	date:	2013-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-003206	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201307-060	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-2984	date:	2013-07-03T13:54:31.080