CVE-2013-0520 - OpenCVE

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Sterling Secure Proxy

Configuration 1 [-]

OR	cpe:2.3:a:ibm:sterling_secure_proxy:3.2.0.0:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.3.0.1:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.0.0:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.0:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.2:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.5:::::::*
	cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.6:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
https://exchange.xforce.ibmcloud.com/vulnerabilities/83433

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-05-10T10:00:00

Updated: 2024-08-06T14:33:05.232Z

Reserved: 2012-12-16T00:00:00

Link: CVE-2013-0520

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-05-10T11:42:29.940

Modified: 2017-08-29T01:33:04.793

Link: CVE-2013-0520

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-03T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369"}, {"name": "ssp-cve20130520-info-disclosure(83433)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83433"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0520", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369"}, {"name": "ssp-cve20130520-info-disclosure(83433)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83433"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:33:05.232Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369"}, {"name": "ssp-cve20130520-info-disclosure(83433)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83433"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0520", "datePublished": "2013-05-10T10:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:33:05.232Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FE7EA7-FDF8-455D-B7B0-E16B0351AC4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B250B238-B5F7-4BD8-925F-A56FE09E7D38", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB04C5D8-4791-480F-9B94-F9AF50261EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46AF20EF-6C11-4838-9916-99BEEAF90384", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA2E914D-19F8-4014-B20E-67A2B880F5AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CC7085CC-C810-4360-8374-59A6B3E13F66", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "810C1644-6E69-413D-8AB8-C4CC45DC93DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data."}, {"lang": "es", "value": "IBM Sterling Secure Proxy v3.2.0 y v3.3.01 anterior a v3.3.01.23 Interim Fix 1, v3.4.0 anterior a v3.4.0.6 Interim Fix 1, y v3.4.1 anterior a v3.4.1.7 permite a atacantes remotos autenticados obtener informaci\u00f3n sensible de la pila de Java (\"Java stack-trace\")proporcionando datos de entrada inv\u00e1lidos."}], "id": "CVE-2013-0520", "lastModified": "2017-08-29T01:33:04.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-05-10T11:42:29.940", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83433"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}