CVE-2013-3998 : CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Published 2014-03-26 10:55:05

Updated 2017-08-29 01:33:32

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-3998

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 28 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-3998

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-3998

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3998

https://exchange.xforce.ibmcloud.com/vulnerabilities/84987

IBM InfoSphere BigInsights Web Application Enterprise Console response splitting CVE-2013-3998 Vulnerability Report
http://www-01.ibm.com/support/docview.wss?uid=swg21667812

IBM Security Bulletin: Multiple vulnerabilities in InfoSphere BigInsights (CVE-2013-3998, CVE-2013-3997)
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2013-3998

IBM » Infosphere Biginsights » Version: 1.1.0.2
cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 1.2.0.0
cpe:2.3:a:ibm:infosphere_biginsights:1.2.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 1.3.0.0
cpe:2.3:a:ibm:infosphere_biginsights:1.3.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 1.3.0.1
cpe:2.3:a:ibm:infosphere_biginsights:1.3.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 1.4.0.0
cpe:2.3:a:ibm:infosphere_biginsights:1.4.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 2.0.0.0
cpe:2.3:a:ibm:infosphere_biginsights:2.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 1.1.0.0
cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 1.1.0.1
cpe:2.3:a:ibm:infosphere_biginsights:1.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 2.1.0.0
cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Biginsights » Version: 2.1.0.1
cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-3998

Exploit prediction scoring system (EPSS) score for CVE-2013-3998

CVSS scores for CVE-2013-3998

CWE ids for CVE-2013-3998

References for CVE-2013-3998

Products affected by CVE-2013-3998