Vulnerability Details : CVE-2013-6734
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
Products affected by CVE-2013-6734
- cpe:2.3:a:ibm:websphere_extreme_scale_client:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale_client:7.0.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6734
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6734
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2013-6734
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6734
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89397
IBM WebSphere eXtreme Scale and WebSphere DataPower XC10 Client information disclosure CVE-2013-6734 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg21664641
IBM Security Bulletin: WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance client vulnerability (CVE-2013-6734)Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341
IBM PI06341: The WebSphere eXtreme Scale Client might allow the cached HTTP session data of one user to be accessed by a different user.
Jump to