CVE-2013-5387
IBM Platform Symphony DE Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in the way SOAP requests are handled. A malformed SOAP request would overwrite a statically sized buffer that could allow remote code execution in the context of the process.
Timeline
- 2013-08-22 CVE Reserved
- 2013-11-06 CVE Published
- 2023-09-19 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/63517 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/87109 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072 | 2017-08-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IBM | Platform Symphony | 5.2 | - | Affected |
IBM | Platform Symphony | 6.1 | - | Affected |
IBM | Platform Symphony | 6.1.1 | - | Affected |