fkie_nvd - fkie_cve-2013-0589

fkie_cve-2013-0589

Vulnerability from fkie_nvd

Published

2018-07-11 16:29

Modified

2024-11-21 01:47

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/83371	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/83371	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.0.0.0
ibm	inotes	8.0.1.0
ibm	inotes	8.0.2.0
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.2.0
ibm	inotes	8.5.3.0
ibm	inotes	9.0.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A3B1B1-D7AD-439B-B34E-47A5711A2C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0412E062-0ED4-41F3-8F32-807A5AA3FE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43A49D7-6046-443C-96F5-E00905B22B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371."
    },
    {
      "lang": "es",
      "value": "IBM iNotes en versiones anteriores a la 8.5.3 Fix Pack 6 y versiones 9.x anteriores a la 9.0.1 permite que atacantes remotos omitan el mecanismo de filtrado remoto de im\u00e1genes y obtener informaci\u00f3n sensible mediante un mensaje de email manipulado. IBM X-Force ID: 83371."
    }
  ],
  "id": "CVE-2013-0589",
  "lastModified": "2024-11-21T01:47:48.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T16:29:00.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-0589 (GCVE-0-2013-0589)

Vulnerability from cvelistv5

Published

2018-07-11 16:00