IBM Support

Security vulnerability found in the command-line interface for PureApplication System (CVE-2013-5455)

Flashes (Alerts)


Abstract

A security vulnerability in the command-line interface (CLI) allows a user with read-only rights to delete, start, or stop any virtual system.

Content

Authenticated users with lesser-privilege roles can use the command-line interface to perform actions on the virtual system that their role does not allow.

CVEID: CVE-2013-5455
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P)

The following products and versions are affected:

  • IBM PureApplication System Version 1.0 or later
  • IBM PureApplication System Version 1.1 or later


  • Use the following remediation table to upgrade your system to the appropriate level.

    Product                  VRMF         APAR          Remediation/First Fix
    PureApplication System   Version 1.0  APAR IC96505
    PureApplication System   Version 1.1  APAR IC96505

    Workarounds
    None

    Mitigations
    None

    References
    Complete CVSS Guide
    On-line Calculator V2

    Related Information
    IBM Secure Engineering Web Portal


    Acknowledgement
    None

    Change History
    12 December 2013: Original Copy Published


    Document Information

    Modified date: 25 September 2022

    UID: swg21659206