CVE-2013-4058 - OpenCVE

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Infosphere Information Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.3:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1.2:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206
http://www-01.ibm.com/support/docview.wss?uid=swg21666684
http://www.securityfocus.com/bid/66155
https://exchange.xforce.ibmcloud.com/vulnerabilities/86547

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-03-16T10:00:00

Updated: 2024-08-06T16:30:49.895Z

Reserved: 2013-06-07T00:00:00

Link: CVE-2013-4058

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-03-16T14:06:44.663

Modified: 2017-08-29T01:33:34.777

Link: CVE-2013-4058

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "JR49200", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200"}, {"name": "JR48815", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815"}, {"name": "ibm-infosphere-cve20134058-sqli(86547)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86547"}, {"name": "JR49206", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206"}, {"name": "66155", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66155"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4058", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JR49200", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200"}, {"name": "JR48815", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815"}, {"name": "ibm-infosphere-cve20134058-sqli(86547)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86547"}, {"name": "JR49206", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206"}, {"name": "66155", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66155"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:30:49.895Z"}, "title": "CVE Program Container", "references": [{"name": "JR49200", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200"}, {"name": "JR48815", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815"}, {"name": "ibm-infosphere-cve20134058-sqli(86547)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86547"}, {"name": "JR49206", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206"}, {"name": "66155", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66155"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4058", "datePublished": "2014-03-16T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.895Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "57FEAC62-FF71-4AFC-B907-C0AC5301FB35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C940220-98F4-41FC-93BE-6D33D4AE9447", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "71FEBA37-59D9-4BE0-8072-3BB60832BDB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A8C1149-EA1D-42AA-8478-56F5A63B1D5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E464E9EC-FECD-4243-B2CF-87E54D09875E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el servidor de IBM InfoSphere Information 8.x hasta 8.5 FP3, 8.7.x hasta 8.7 FP2 y 9.1.x hasta 9.1.2.0 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de interfaces no especificadas."}], "id": "CVE-2013-4058", "lastModified": "2017-08-29T01:33:34.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-16T14:06:44.663", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/66155"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86547"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}