CVE Vulnerabilities

CVE-2013-4025

Published: Sep 25, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected Software

Name Vendor Start Version End Version
Data_studio_web_console Ibm 3.1.0 3.1.0
Db2_recovery_expert Ibm 2.0 2.0
Infosphere_optim_configuration_manager Ibm 2.0 2.0
Infosphere_optim_configuration_manager Ibm 2.1 2.1
Optim_performance_manager Ibm 5.1.0 5.1.0

References