IBM Data Studio 3.1 / 3.1.1 Help System Multiple Vulnerabilities

Medium Nessus Plugin ID 65576

Synopsis

The remote host has an application installed that is affected by
multiple vulnerabilities.

Description

The remote host has a version of IBM Data Studio installed that is
affected by multiple vulnerabilities :

- An unspecified open-redirect vulnerability exists in the
Eclipse help system components. (CVE-2012-2159)

- An unspecified cross-site scripting vulnerability exists
in the Eclipse help system components. (CVE-2012-2161)

- An unspecified vulnerability exists that could allow
disclosure of source code on the help system server.
(CVE-2013-0467)

Solution

Upgrade to IBM Data Studio 3.2.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21625573

http://www-01.ibm.com/support/docview.wss?uid=swg24033663

Plugin Details

Severity: Medium

ID: 65576

File Name: ibm_data_studio_help_system_multiple_vulns.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 2013/03/15

Modified: 2018/07/12

Dependencies: 65575

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:data_studio

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/12/07

Vulnerability Publication Date: 2012/06/08

Reference Information

CVE: CVE-2012-2159, CVE-2012-2161, CVE-2013-0467

BID: 53884, 58000

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990