CVE-2013-6734 - OpenCVE

IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Extreme Scale Client

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_extreme_scale_client::::::::
	cpe:2.3:a:ibm:websphere_extreme_scale_client:7.0.0.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.2:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.3:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.1:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.3:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.1:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.2:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.3:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341
http://www-01.ibm.com/support/docview.wss?uid=swg21664641
https://exchange.xforce.ibmcloud.com/vulnerabilities/89397

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-02-22T21:00:00

Updated: 2024-08-06T17:46:22.938Z

Reserved: 2013-11-08T00:00:00

Link: CVE-2013-6734

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-02-22T21:55:09.170

Modified: 2017-08-29T01:34:00.497

Link: CVE-2013-6734

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "PI06341", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341"}, {"name": "ibm-websphere-cve20136734-info-disc(89397)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89397"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664641"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "PI06341", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341"}, {"name": "ibm-websphere-cve20136734-info-disc(89397)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89397"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664641", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664641"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:46:22.938Z"}, "title": "CVE Program Container", "references": [{"name": "PI06341", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341"}, {"name": "ibm-websphere-cve20136734-info-disc(89397)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89397"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664641"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6734", "datePublished": "2014-02-22T21:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.938Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "64863DB8-00A6-4EDF-A451-5FFC89594B88", "versionEndIncluding": "8.6.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E75292F-3114-4BAE-AFB2-1DF58D08F2E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1B294AB-DC67-40AE-ABE2-F2FBD0C0457A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "508DF17B-4141-42BD-B1D3-2BFF49A95B91", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D63B6556-7631-4DEC-B74A-E00E9E95B815", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "17BB04FF-DA77-429F-85B0-38F3360FB5A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E85FDD6-7E95-44B7-9202-7DA706BF7F82", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "684B0290-464C-4AFE-B74C-8DF7926745D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "34646FFE-3403-4EC0-97E8-DBFADD312374", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "26E425B9-DB4B-4E08-A665-AA4AE3FCF27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7C5438-1006-4FAB-BB71-C4D920C630CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "485D6EB8-5419-45AB-A368-49897BFDBC0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9EA684D-93D4-4846-831A-4DEA42EF821E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB4D202E-A04E-4710-9339-554291240998", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "813A4312-7D74-4600-B5F2-4DD158E05CFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container."}, {"lang": "es", "value": "WebSphere eXtreme Scale Client versiones 7.1 hasta 8.6.0.4 de IBM, no a\u00edsla apropiadamente los datos almacenados en cach\u00e9 de diferentes usuarios, lo que permite a los usuarios autenticados remotos obtener informaci\u00f3n confidencial en circunstancias oportunistas al aprovechar el acceso al mismo contenedor web."}], "id": "CVE-2013-6734", "lastModified": "2017-08-29T01:34:00.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-22T21:55:09.170", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664641"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89397"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}