CVE-2013-4025

EUVD-2013-3956
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
ibmdata_studio_web_console
3.1.0
ibmdb2_recovery_expert
2.0
ibminfosphere_optim_configuration_manager
2.0
ibminfosphere_optim_configuration_manager
2.1
ibmoptim_performance_manager
5.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21650504
https://exchange.xforce.ibmcloud.com/vulnerabilities/85933
http://www-01.ibm.com/support/docview.wss?uid=swg21650504
https://exchange.xforce.ibmcloud.com/vulnerabilities/85933