Skip to main content

Infosphere Optim Data Growth For Oracle E Business Suite CVE-2013-0580

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2013-10-10 psirt@us.ibm.com
4.9
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:A/AC:M/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:M/Au:S/C:P/I:P/A:P
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 10, 2013 - 10:55 cve.org
MEDIUM 4.9

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the. Rated medium severity (CVSS 4.9). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users. Affected products include: Ibm Infosphere Optim Data Growth For Oracle E-Business Suite. Version information: through 9.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

Share

CVE-2013-0580 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy