CVE-2013-5461

{"id": "CVE-2013-5461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-04-27T16:29:00.300", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88309", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309."}, {"lang": "es", "value": "IBM Endpoint Manager for Remote Control 9.0.0 y 9.0.1 y Tivoli Remote Control 5.1.2 almacenan m\u00faltiples hashes de contrase\u00f1as parciales, lo que facilita que atacantes remotos descifren contrase\u00f1as aprovechando el acceso a los hashes. IBM X-Force ID: 88309."}], "lastModified": "2018-06-04T16:22:43.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E50BE84B-F203-411C-AAEE-1F0ECFF61839"}, {"criteria": "cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B4383F-F25A-40E7-A3E2-C79D94F13957"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3BFA6A7-DA21-4DB1-829E-6CBF15AE19B6"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}