CVE-2013-3993

CVSS 6.5 MEDIUM · EPSS 5.2% · KEV · CWE-22
Vexday Risk Score
43 (Attention)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.5 · EPSS 5.2% · KEV yes · PoC · Nuclei · Metasploit · Patch
Lifecycle
07 Jul 2014: Published on NVD
25 May 2022: Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

IBM InfoSphere BigInsights versions before 2.1.0.3 contain a vulnerability where authenticated users can bypass file and directory access controls through manipulated API parameters, potentially accessing sensitive data or executing untrusted code.

Technical detail

CWE-22 path traversal vulnerability in IBM InfoSphere BigInsights prior to 2.1.0.3 allows authenticated users to bypass intended access restrictions via crafted parameters in unspecified API calls, enabling unauthorized file/directory access and potential code execution. Attack requires valid authentication credentials and knowledge of vulnerable API endpoints.

Summary generated and translated by AI from the official description.
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
