CVE-2013-5461

Опубликовано: 27 апр. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 4

EPSS Низкий

Описание

IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/88309
VDB Entry
Vendor Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/
Vendor Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/88309
VDB Entry
Vendor Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/
Vendor Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00322

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-98jc-xpg4-43m9