ID

VAR-201312-0176


CVE

CVE-2013-5413


TITLE

Authentication bypass vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2013-005677

DESCRIPTION

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. IBM Sterling File Gateway is file transfer software that integrates different file transfer methods and supports secure interaction over the network. A remote attacker could exploit this vulnerability to bypass authentication.

Trust: 1.98

sources: NVD: CVE-2013-5413 // JVNDB: JVNDB-2013-005677 // BID: 64448 // VULHUB: VHN-65415

AFFECTED PRODUCTS

vendor: ibm, model: sterling b2b integrator, scope: eq, version: 5.2

Trust: 2.4

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-005677 // CNNVD: CNNVD-201312-448 // NVD: CVE-2013-5413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5413
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5413
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-448
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65415
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5413
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65415
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65415 // JVNDB: JVNDB-2013-005677 // CNNVD: CNNVD-201312-448 // NVD: CVE-2013-5413

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-65415 // JVNDB: JVNDB-2013-005677 // NVD: CVE-2013-5413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-448

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201312-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005677

PATCH

title: IC96051, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IC96051

Trust: 0.8

title: 1657539, url: http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 0.8

title: SI_BUILD_5020401, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47224

Trust: 0.6

title: CXSI5204, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47223

Trust: 0.6

sources: JVNDB: JVNDB-2013-005677 // CNNVD: CNNVD-201312-448

EXTERNAL IDS

db: NVD, id: CVE-2013-5413

Trust: 2.8

db: JVNDB, id: JVNDB-2013-005677

Trust: 0.8

db: CNNVD, id: CNNVD-201312-448

Trust: 0.7

db: XF, id: 87362

Trust: 0.6

db: XF, id: 20135413

Trust: 0.6

db: AIXAPAR, id: IC96051

Trust: 0.6

db: BID, id: 64448

Trust: 0.4

db: VULHUB, id: VHN-65415

Trust: 0.1

sources: VULHUB: VHN-65415 // BID: 64448 // JVNDB: JVNDB-2013-005677 // CNNVD: CNNVD-201312-448 // NVD: CVE-2013-5413

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic96051

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21657539

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87362

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5413

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5413

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/87362

Trust: 0.6

sources: VULHUB: VHN-65415 // JVNDB: JVNDB-2013-005677 // CNNVD: CNNVD-201312-448 // NVD: CVE-2013-5413

CREDITS

IBM

Trust: 0.3

sources: BID: 64448

SOURCES

db: VULHUB, id: VHN-65415
db: BID, id: 64448
db: JVNDB, id: JVNDB-2013-005677
db: CNNVD, id: CNNVD-201312-448
db: NVD, id: CVE-2013-5413

LAST UPDATE DATE

2024-11-23T23:09:55.100000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65415, date: 2017-08-29T00:00:00
db: BID, id: 64448, date: 2014-01-28T01:03:00
db: JVNDB, id: JVNDB-2013-005677, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-448, date: 2013-12-25T00:00:00
db: NVD, id: CVE-2013-5413, date: 2024-11-21T01:57:26.140

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65415, date: 2013-12-21T00:00:00
db: BID, id: 64448, date: 2013-12-04T00:00:00
db: JVNDB, id: JVNDB-2013-005677, date: 2013-12-25T00:00:00
db: CNNVD, id: CNNVD-201312-448, date: 2013-12-25T00:00:00
db: NVD, id: CVE-2013-5413, date: 2013-12-21T14:22:57.003