CVE-2012-0205 - Vulnerability Details

Vendors	Products
Ibm	Infosphere Information Server Infosphere Metadata Workbench

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21623501
https://exchange.xforce.ibmcloud.com/vulnerabilities/73265

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"name": "infosphere-mw-ts-security-bypass(73265)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0205", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"name": "infosphere-mw-ts-security-bypass(73265)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:16:20.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"name": "infosphere-mw-ts-security-bypass(73265)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0205", "datePublished": "2013-01-31T11:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-06T18:16:20.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2013-01-25T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21623501 (string)

}

1 : { »

name : infosphere-mw-ts-security-bypass(73265) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/73265 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2012-0205 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21623501 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21623501 (string)

}

1 : { »

name : infosphere-mw-ts-security-bypass(73265) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/73265 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T18:16:20.033Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21623501 (string)

}

1 : { »

name : infosphere-mw-ts-security-bypass(73265) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/73265 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2012-0205 (string)

datePublished : 2013-01-31T11:00:00 (string)

dateReserved : 2011-12-14T00:00:00 (string)

dateUpdated : 2024-08-06T18:16:20.033Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "119C8531-8A75-4CF7-82E5-55DC4892DC17", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "86B06821-0A5A-4B7D-9860-1DA3216105DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "87003704-8EFE-4EC5-85F9-91B2C632E31F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "DCB9E171-173E-42E0-8C0F-BE4C60CE09F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF8CBD87-D6A3-48E6-B8AF-D86DC3754466", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors."}, {"lang": "es", "value": "InfoSphere Metadata Workbench (MWB) v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no restringe correctamente el uso de la funcionlidad de resolucion de problemas, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso o causar una denegaci\u00f3n de servicio mediante vectores no especificados."}], "id": "CVE-2012-0205", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-31T12:06:17.753", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 317FAE67-76E2-4084-9393-8A02D255BAF5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:* (string)

matchCriteriaId : CA7096B4-291F-49BB-8DBC-E67AC901CF08 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D547E88D-FE3F-4C90-B7D8-301A1449E9AB (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 42A9CF5C-79EC-4BBF-92AF-2AB3DC125684 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 119C8531-8A75-4CF7-82E5-55DC4892DC17 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 86B06821-0A5A-4B7D-9860-1DA3216105DD (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 87003704-8EFE-4EC5-85F9-91B2C632E31F (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:infosphere_metadata_workbench:8.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DCB9E171-173E-42E0-8C0F-BE4C60CE09F2 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:infosphere_metadata_workbench:8.7:*:*:*:*:*:*:* (string)

matchCriteriaId : CF8CBD87-D6A3-48E6-B8AF-D86DC3754466 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : InfoSphere Metadata Workbench (MWB) v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no restringe correctamente el uso de la funcionlidad de resolucion de problemas, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso o causar una denegación de servicio mediante vectores no especificados. (string)

}

]

id : CVE-2012-0205 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-01-31T12:06:17.753 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21623501 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/73265 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21623501 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/73265 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object