CVE-2013-3323

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/62685	Third Party Advisory VDB Entry
https://www.ibm.com/support/pages/node/235239	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:::::::*
	cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:6.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5:::::::*
	cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_government:6.2:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:6.2:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:6.3:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:6.2:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:6.3:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:::::::*
	cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:::::::*
	cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:::::::*
	cpe:2.3:a:ibm:maximo_service_desk:6.2:::::::*

Information

Published : 2020-02-18 09:15

Updated : 2020-02-21 08:51

NVD link : CVE-2013-3323

Mitre link : CVE-2013-3323

JSON object : View

CWE

CWE-269

Improper Privilege Management

Products Affected

ibm

maximo_for_life_sciences
change_and_configuration_management_database
tivoli_asset_management_for_it
maximo_asset_management_essentials
maximo_for_nuclear_power
maximo_asset_management
maximo_service_desk
maximo_for_government
smartcloud_control_desk
maximo_for_utilities
maximo_for_oil_and_gas
tivoli_service_request_manager
maximo_for_transportation

9.8 /10