CVE-2013-5400 – IBM Platform Symphony DE Auth-Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5400
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SoamGui servlet. The servlet uses a fixed username and password, which allows a malicious user to execute commands remotely in the context of the process.

• http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87296
• CWE-255: Credentials Management Errors
CVE-2013-6305
https://notcve.org/view.php?id=CVE-2013-6305
IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key.

• http://osvdb.org/102262
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528
• https://exchange.xforce.ibmcloud.com/vulnerabilities/88536
• CWE-310: Cryptographic Issues
CVE-2013-5387 – IBM Platform Symphony DE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5387
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the way SOAP requests are handled. A malformed SOAP request would overwrite a statically sized buffer that could allow remote code execution in the context of the process.

• http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072
• http://www.securityfocus.com/bid/63517
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87109
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer