Boletines de Vulnerabilidades

IBM User credentials can be changed without authorization with a POST request in IBM Netezza Performance Portal 2.0 (CVE-2013-6731)

Información sobre el sistema
   
Software afectado IBM

Descripción
An authenticated IBM Netezza Performance Portal user without privileges to manage another users account can change the password of other users. CVE(s): CVE-2013-6731 Affected product(s) and affected version(s): IBM Netezza Performance Portal 2.0, 2.0.0.1, 2.0.0.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21663353 X-Force Database: http://xforce.iss.net/xforce/xfdb/89393

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_user_credentials_can_be_changed_without_authorization_with_a_post_request_in_ibm_netezza_performance_portal_2_0_cve_2013_6731?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2013-6731 ,CVE-2013-5427 ,CVE-2013-6727 ,CVE-2013-5371 and CVE-2013-1500.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-03-04

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT