Vulnerability Details CVE-2013-3040
IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21646136
- http://www.securityfocus.com/bid/61755
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84765
- http://www-01.ibm.com/support/docview.wss?uid=swg21646136
- http://www.securityfocus.com/bid/61755
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84765
Products affected by CVE-2013-3040
-
cpe:2.3:a:ibm:infosphere_information_server:8.5
-
cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1
-
cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2
-
cpe:2.3:a:ibm:infosphere_information_server:8.5.0.3
-
cpe:2.3:a:ibm:infosphere_information_server:8.7
-
cpe:2.3:a:ibm:infosphere_information_server:8.7.0.1
-
cpe:2.3:a:ibm:infosphere_information_server:8.7.0.2
-
cpe:2.3:a:ibm:infosphere_information_server:9.1