CVE-2013-0487 - OpenCVE

The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Domino

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_domino:8.5.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.0.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.2:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.3:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.4:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.5:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.2:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.3:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.4:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.3.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.3.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.3.2:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21627597
https://exchange.xforce.ibmcloud.com/vulnerabilities/81852

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-03-27T10:00:00

Updated: 2024-08-06T14:25:10.383Z

Reserved: 2012-12-16T00:00:00

Link: CVE-2013-0487

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-03-27T12:23:46.113

Modified: 2017-08-29T01:33:03.510

Link: CVE-2013-0487

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "domino-controller-auth-bypass(81852)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0487", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "domino-controller-auth-bypass(81852)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:10.383Z"}, "title": "CVE Program Container", "references": [{"name": "domino-controller-auth-bypass(81852)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0487", "datePublished": "2013-03-27T10:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:25:10.383Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN."}, {"lang": "es", "value": "La Java Console en IBM Domino 8.5.x, permite a usuarios autenticados remotamente secuestrar credenciales temporalmente aprovechando el conocimiento sobre los detalles de los archivos de configuraci\u00f3n. Aka aka SPR KLYH8TNNDN."}], "id": "CVE-2013-0487", "lastModified": "2017-08-29T01:33:03.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-27T12:23:46.113", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}