Vulnerability Details: CVE-2013-2992
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-2992
- cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2992
2.77% (probability of exploitation activity in the next 30 days)
~ 89% (percentile, the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-2992
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2013-2992
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2992
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR47295
  IBM JR47295: CMVC 229684 229718 - Search performance enhancements bundle
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR47273
  IBM JR47273: CMVC 228787 - WebSphere Commerce Search cumulative iFix in v7 Feature Pack 5
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR46013
  IBM notice: The page you requested cannot be displayed
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR47313
  IBM JR47313: Metadata used by Update Installer is missing edition specific files, any fixes for those files can't be applied.
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR47420
  IBM notice: The page you requested cannot be displayed
- http://www-01.ibm.com/support/docview.wss?uid=swg21648644
  IBM Security Bulletin: Potential DoS vulnerability related to WebSphere Commerce Search functionality (CVE-2013-2992) [Vendor Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR47425
  IBM JR47425: CMVC 229698 - This APAR makes synonym expansion for AND type search more compact
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84018
  IBM WebSphere Commerce search functionality denial of service CVE-2013-2992 Vulnerability Report