IBM User credentials can be changed without authorization with a POST request in IBM Netezza Performance Portal 2.0 (CVE-2013-6731)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
An authenticated IBM Netezza Performance Portal user without privileges to manage another users account can change the password of other users. CVE(s): CVE-2013-6731 Affected product(s) and affected version(s): IBM Netezza Performance Portal 2.0, 2.0.0.1, 2.0.0.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21663353 X-Force Database: http://xforce.iss.net/xforce/xfdb/89393
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_user_credentials_can_be_changed_without_authorization_with_a_post_request_in_ibm_netezza_performance_portal_2_0_cve_2013_6731?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2013-6731 ,CVE-2013-5427 ,CVE-2013-6727 ,CVE-2013-5371 and CVE-2013-1500. |