CVE-2013-4091 - Vulnerability Details - OpenCVE

ReportizFlow

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Imperva	Securesphere

Configuration 1 [-]

cpe:2.3:a:imperva:securesphere:9.0.0.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html
http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-06-28T23:00:00Z

Updated: 2024-09-17T04:25:49.140Z

Reserved: 2013-06-11T00:00:00Z

Link: CVE-2013-4091

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-06-28T23:55:09.190

Modified: 2024-11-21T01:54:51.750

Link: CVE-2013-4091

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-06-28T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2013-4091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html"}, {"name": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt", "refsource": "MISC", "url": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:30:49.973Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4091", "datePublished": "2013-06-28T23:00:00Z", "dateReserved": "2013-06-11T00:00:00Z", "dateUpdated": "2024-09-17T04:25:49.140Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imperva:securesphere:9.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A4690F8-C2CB-49C4-AA7E-863F59AB0E1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."}, {"lang": "es", "value": "SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5 no tiene un atributo de autocompletar para el campo de la contrase\u00f1a (aka j_password)en la p\u00e1gina de inicio de sesi\u00f3n secsphLogin.jsp, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso mediante el aprovechamiento una estaci\u00f3n de trabajo sin supervisi\u00f3n."}], "id": "CVE-2013-4091", "lastModified": "2024-11-21T01:54:51.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-28T23:55:09.190", "references": [{"source": "[email protected]", "url": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html"}, {"source": "[email protected]", "url": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "[email protected]", "type": "Primary"}]}