CVE-2013-5445

{"id": "CVE-2013-5445", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-25T20:55:06.810", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87821", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87821", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key."}, {"lang": "es", "value": "IBM Cognos Express 9.0 anterior a IFIX 2, 9.5 anterior a IFIX 2, 10.1 anterior a IFIX 2 y 10.2.1 anterior a FP1 permite a usuarios locales obtener informaci\u00f3n sensible en texto plano mediante el aprovechamiento de conocimientos de una clave de descifrado est\u00e1tica."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_express:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0F50AE-539F-4F17-988A-9DD81192F576"}, {"criteria": "cpe:2.3:a:ibm:cognos_express:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "892CBDCE-0ECD-4AA9-84C5-A5AE272C566A"}, {"criteria": "cpe:2.3:a:ibm:cognos_express:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9705C3F0-8FE0-418F-A1EF-ADC9AE0BB4CA"}, {"criteria": "cpe:2.3:a:ibm:cognos_express:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF3D2946-00AA-4639-90DC-1A6CA17C78F9"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626\n\n\"Encrypted credentials can be remotely retrieved from the IBM Cognos Express server.\"", "sourceIdentifier": "psirt@us.ibm.com"}