File and Directory Restriction Bypass in IBM InfoSphere BigInsights
CVE-2013-3993

6.5MEDIUM

Key Information:

Vendor
IBM
Status
Infosphere Biginsights
Vendor
CVE Published:
7 July 2014

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

Summary

IBM InfoSphere BigInsights prior to version 2.1.0.3 contains a vulnerability that allows remote authenticated users to bypass intended file and directory restrictions. This can be exploited through specially crafted parameters in unspecified API calls, potentially leading to unauthorized access to untrusted data or code.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: The impacted product is end-of-life and should be disconnected if still in use.

References

http://secunia.com/advisories/59676
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/68449
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/84982
vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.