CVE-2012-0205 - OpenCVE

InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Infosphere Information Server Infosphere Metadata Workbench

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.1:::::::*
	cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.2:::::::*
	cpe:2.3:a:ibm:infosphere_metadata_workbench:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_metadata_workbench:8.7:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21623501
https://exchange.xforce.ibmcloud.com/vulnerabilities/73265

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-01-31T11:00:00

Updated: 2024-08-06T18:16:20.033Z

Reserved: 2011-12-14T00:00:00

Link: CVE-2012-0205

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-01-31T12:06:17.753

Modified: 2017-08-29T01:30:52.380

Link: CVE-2012-0205

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"name": "infosphere-mw-ts-security-bypass(73265)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0205", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"name": "infosphere-mw-ts-security-bypass(73265)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:16:20.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"name": "infosphere-mw-ts-security-bypass(73265)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0205", "datePublished": "2013-01-31T11:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-06T18:16:20.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "119C8531-8A75-4CF7-82E5-55DC4892DC17", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "86B06821-0A5A-4B7D-9860-1DA3216105DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "87003704-8EFE-4EC5-85F9-91B2C632E31F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "DCB9E171-173E-42E0-8C0F-BE4C60CE09F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_metadata_workbench:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF8CBD87-D6A3-48E6-B8AF-D86DC3754466", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors."}, {"lang": "es", "value": "InfoSphere Metadata Workbench (MWB) v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no restringe correctamente el uso de la funcionlidad de resolucion de problemas, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso o causar una denegaci\u00f3n de servicio mediante vectores no especificados."}], "id": "CVE-2012-0205", "lastModified": "2017-08-29T01:30:52.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-31T12:06:17.753", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73265"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}