CVE-2013-4022

low

Published 2013-09-25 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21650504

Application impact

Vendor	Product	Versions
ibm	data_studio_web_console	`3.1.0`
ibm	db2_recovery_expert	`2.0`
ibm	infosphere_optim_configuration_manager	`2.0`
ibm	infosphere_optim_configuration_manager	`2.1`
ibm	optim_performance_manager	`5.1.0`

References

http://www-01.ibm.com/support/docview.wss?uid=swg21650504
https://exchange.xforce.ibmcloud.com/vulnerabilities/85928
http://www-01.ibm.com/support/docview.wss?uid=swg21650504
https://exchange.xforce.ibmcloud.com/vulnerabilities/85928

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.