Flashes (Alerts)
Abstract
A security vulnerability in the command-line interface (CLI) allows a user with read-only rights to delete, start, or stop any virtual system.
Content
Authenticated users with lesser privilege roles have the ability to perform actions that are not allowed on the virtual system using the command-line interface.
CVEID: CVE-2013-5455
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P)
The following products and versions are affected:
Use the following remediation table to upgrade your system to the appropriate level.
Product | VRMF | APAR | Remediation/First Fix |
PureApplication System | Version 1.0 | APAR IC96505 | |
PureApplication System | Version 1.1 | APAR IC96505 | |
None
Mitigations
None
Acknowledgement
None
Change History
12 December 2013: Original Copy Published
Document Information
Modified date: 25 September 2022
UID: swg21659206