VAR-201310-0312
Vulnerability from variot - Updated: 2025-04-11 22:51The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unspecified security vulnerability. Limited information is currently available regarding this issue. We will update this BID as more information emerges. IBM WebSphere DataPower XC10 Appliance 2.1.0 and 2.5.0 are vulnerable. The platform enables distributed caching of data with little to no change to existing applications. An unauthorized attacker could exploit this vulnerability to perform administrator actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.1.0.0"
},
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"model": "websphere datapower xc10 the appliance",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "websphere datapower xc10 the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.1.0"
},
{
"model": "websphere datapower xc10 the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.5.0"
},
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0"
}
],
"sources": [
{
"db": "BID",
"id": "63250"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ibm:websphere_datapower_xc10_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:websphere_datapower_xc10_appliance_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "63250"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-5446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-65448",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5446",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-5446",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-507",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-65448",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65448"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unspecified security vulnerability. \nLimited information is currently available regarding this issue. We will update this BID as more information emerges. \nIBM WebSphere DataPower XC10 Appliance 2.1.0 and 2.5.0 are vulnerable. The platform enables distributed caching of data with little to no change to existing applications. An unauthorized attacker could exploit this vulnerability to perform administrator actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5446"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"db": "BID",
"id": "63250"
},
{
"db": "VULHUB",
"id": "VHN-65448"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5446",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-507",
"trust": 0.7
},
{
"db": "XF",
"id": "87910",
"trust": 0.6
},
{
"db": "XF",
"id": "10",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "IC93164",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "IC96617",
"trust": 0.6
},
{
"db": "BID",
"id": "63250",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-65448",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65448"
},
{
"db": "BID",
"id": "63250"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"id": "VAR-201310-0312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-65448"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:51:33.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "1653546",
"trust": 0.8,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21653546"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic93164"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic96617"
},
{
"trust": 1.7,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21653546"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87910"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5446"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/87910"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/software/webservers/appserv/xc10/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653546"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65448"
},
{
"db": "BID",
"id": "63250"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-65448"
},
{
"db": "BID",
"id": "63250"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-65448"
},
{
"date": "2013-10-18T00:00:00",
"db": "BID",
"id": "63250"
},
{
"date": "2013-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"date": "2013-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"date": "2013-10-22T11:17:15.297000",
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-65448"
},
{
"date": "2013-10-18T00:00:00",
"db": "BID",
"id": "63250"
},
{
"date": "2013-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004828"
},
{
"date": "2013-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-507"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM WebSphere DataPower XC10 Vulnerability in console running on appliance",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004828"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-507"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…