NVD Vulnerability Detail

CVE-2013-5426

Summary	Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.
Publication Date	Dec. 20, 2013, 7:55 a.m.
Registration Date	Jan. 26, 2021, 3:45 p.m.
Last Update	Nov. 21, 2024, 10:57 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*
cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:11.0:::::::*
cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.1:::::::*
cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www-01.ibm.com/support/docview.wss?uid=swg21660082	Vendor Advisory
2	http://www-01.ibm.com/support/docview.wss?uid=swg21660082	Vendor Advisory
3	https://exchange.xforce.ibmcloud.com/vulnerabilities/87535
4	https://exchange.xforce.ibmcloud.com/vulnerabilities/87535

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-287	不適切な認証	https://cwe.mitre.org/data/definitions/287.html

JVN Vulnerability Information

複数の IBM InfoSphere Master Data Management 製品における Web セッションをハイジャックされる脆弱性

Title	複数の IBM InfoSphere Master Data Management 製品における Web セッションをハイジャックされる脆弱性
Summary	IBM InfoSphere Master Data Management - Collaborative Edition および InfoSphere Master Data Management Server for Product Information Management には、Web セッションをハイジャックされる脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、Web セッションをハイジャックされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 16, 2013, midnight
Registration Date	Dec. 24, 2013, 4:04 p.m.
Last Update	Dec. 24, 2013, 4:04 p.m.

Affected System

IBM

IBM InfoSphere Master Data Management - Collaborative Edition 10.1 IF5 未満の 10.x

IBM InfoSphere Master Data Management - Collaborative Edition 11.0 IF1 未満の 11.0

IBM InfoSphere Master Data Management Server for Product Information Management 9.1 IF11 未満の 9.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-5426	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5426
National Vulnerability Database (NVD)
2	CVE-2013-5426	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5426

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
IBM Support Document
1	1660082	http://www-01.ibm.com/support/docview.wss?uid=swg21660082

Change Log

No	Changed Details	Date of change
0	[2013年12月24日] 掲載	Feb. 17, 2018, 10:37 a.m.