CVE-2013-6798 - Vulnerability Details - OpenCVE

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Blackberry	Blackberry Link
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:blackberry:blackberry_link::::::::
	cpe:2.3:a:blackberry:blackberry_link:1.0.1.12:::::::*
	cpe:2.3:a:blackberry:blackberry_link:1.1.1.26:::::::*
	cpe:2.3:a:blackberry:blackberry_link:1.1.1.41:::::::*
	cpe:2.3:a:blackberry:blackberry_link:1.2.0.12:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:blackberry:blackberry_link::::::::
	cpe:2.3:a:blackberry:blackberry_link:1.0.1.12:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.blackberry.com/btsc/KB35315
https://exchange.xforce.ibmcloud.com/vulnerabilities/89202

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-16T11:00:00

Updated: 2024-08-06T17:46:23.464Z

Reserved: 2013-11-15T00:00:00

Link: CVE-2013-6798

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-11-18T02:55:09.797

Modified: 2024-11-21T01:59:43.520

Link: CVE-2013-6798

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "blackberry-cve20136798-sec-bypass(89202)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89202"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/KB35315"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6798", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "blackberry-cve20136798-sec-bypass(89202)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89202"}, {"name": "http://www.blackberry.com/btsc/KB35315", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB35315"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:46:23.464Z"}, "title": "CVE Program Container", "references": [{"name": "blackberry-cve20136798-sec-bypass(89202)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89202"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.blackberry.com/btsc/KB35315"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6798", "datePublished": "2013-11-16T11:00:00", "dateReserved": "2013-11-15T00:00:00", "dateUpdated": "2024-08-06T17:46:23.464Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:blackberry_link:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E01B51-0244-474A-B7DF-35443E13BD02", "versionEndIncluding": "1.2.0.28", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:blackberry_link:1.0.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "16D65A34-F674-4BB4-B70E-C324B0EE14DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:blackberry_link:1.1.1.26:*:*:*:*:*:*:*", "matchCriteriaId": "FC843B35-EC97-401C-8C2E-51BE62D45127", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:blackberry_link:1.1.1.41:*:*:*:*:*:*:*", "matchCriteriaId": "8E167DD9-E865-4556-985B-8C62DF6939A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:blackberry_link:1.2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D72AD0E-044A-45FE-89D2-F63C0E55E929", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:blackberry_link:*:*:*:*:*:*:*:*", "matchCriteriaId": "C97597AD-B867-4271-9672-E01503D6D23B", "versionEndIncluding": "1.1.1.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:blackberry_link:1.0.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "16D65A34-F674-4BB4-B70E-C324B0EE14DE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694."}, {"lang": "es", "value": "BlackBerry Link anterior a la versi\u00f3n 1.2.1.31 en Windows y anteriores a 1.1.1 build 39 en Mac OS X no determina adecuadamente la cuenta de usuario para la ejecuci\u00f3n de Peer Manager en ciertas situaciones que involucren inicios de sesi\u00f3n sucesivos con cuentas diferentes, lo que permite a atacantes dependientes del contexto evadir restricciones intencionadas en carpetas file-access remotas a trav\u00e9s de peticiones IPv6 WebDAV, una vulnerabilidad diferente a CVE-2013-3694."}], "id": "CVE-2013-6798", "lastModified": "2024-11-21T01:59:43.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-18T02:55:09.797", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/KB35315"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/KB35315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89202"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}