ID

VAR-201309-0429


CVE

CVE-2013-5489


TITLE

Information disclosure vulnerability in the gadget implementation of Cisco SocialMiner

Trust: 0.8

sources: JVNDB: JVNDB-2013-004110

DESCRIPTION

The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh74125. If a third party reads any of the following, important information may be obtained: (1) web server access log, (2) web server Referer log, (3) browser history. Cisco SocialMiner is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Cisco SocialMiner 9.0(1) is vulnerable; other versions may also be affected. This issue is being tracked by Cisco Bug ID CSCuh74125. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities.

Trust: 1.98

sources: NVD: CVE-2013-5489 // JVNDB: JVNDB-2013-004110 // BID: 62304 // VULHUB: VHN-65491

AFFECTED PRODUCTS

vendor: cisco, model: socialminer, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: socialminer, scope: eq, version: 9.0(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004110 // CNNVD: CNNVD-201309-193 // NVD: CVE-2013-5489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5489
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5489
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-193
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65491
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5489
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65491
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65491 // JVNDB: JVNDB-2013-004110 // CNNVD: CNNVD-201309-193 // NVD: CVE-2013-5489

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-65491 // JVNDB: JVNDB-2013-004110 // NVD: CVE-2013-5489

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-193

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-193

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004110

PATCH

title: Cisco SocialMiner Sensitive Information GET Request Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489

Trust: 0.8

title: 30734, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30734

Trust: 0.8

sources: JVNDB: JVNDB-2013-004110

EXTERNAL IDS

db: NVD, id: CVE-2013-5489

Trust: 2.8

db: JVNDB, id: JVNDB-2013-004110

Trust: 0.8

db: CNNVD, id: CNNVD-201309-193

Trust: 0.7

db: CISCO, id: 20130910 CISCO SOCIALMINER SENSITIVE INFORMATION GET REQUEST VULNERABILITY

Trust: 0.6

db: BID, id: 62304

Trust: 0.4

db: VULHUB, id: VHN-65491

Trust: 0.1

sources: VULHUB: VHN-65491 // BID: 62304 // JVNDB: JVNDB-2013-004110 // CNNVD: CNNVD-201309-193 // NVD: CVE-2013-5489

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5489

Trust: 2.0

url: http://tools.cisco.com/security/center/viewalert.x?alertid=30734

Trust: 1.4

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/86965

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5489

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5489

Trust: 0.8

url: http://www.cisco.com/en/us/products/ps11349/index.html

Trust: 0.3

sources: VULHUB: VHN-65491 // BID: 62304 // JVNDB: JVNDB-2013-004110 // CNNVD: CNNVD-201309-193 // NVD: CVE-2013-5489

CREDITS

Cisco

Trust: 0.3

sources: BID: 62304

SOURCES

db: VULHUB, id: VHN-65491
db: BID, id: 62304
db: JVNDB, id: JVNDB-2013-004110
db: CNNVD, id: CNNVD-201309-193
db: NVD, id: CVE-2013-5489

LAST UPDATE DATE

2024-11-23T22:02:21.523000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65491, date: 2017-08-29T00:00:00
db: BID, id: 62304, date: 2013-09-10T00:00:00
db: JVNDB, id: JVNDB-2013-004110, date: 2013-09-17T00:00:00
db: CNNVD, id: CNNVD-201309-193, date: 2013-09-17T00:00:00
db: NVD, id: CVE-2013-5489, date: 2024-11-21T01:57:34.507

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65491, date: 2013-09-13T00:00:00
db: BID, id: 62304, date: 2013-09-10T00:00:00
db: JVNDB, id: JVNDB-2013-004110, date: 2013-09-17T00:00:00
db: CNNVD, id: CNNVD-201309-193, date: 2013-09-16T00:00:00
db: NVD, id: CVE-2013-5489, date: 2013-09-13T14:10:27.343