CVE-2013-0578
IBM Sterling Multi-Channel Fulfillment Solution & Selling and Fulfillment Foundation - Improper Authentication
Title source: llmDescription
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.
References (3)
Core 3
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21636034
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83330
Scores
EPSS
0.0135
EPSS Percentile
68.0%
Details
CWE
CWE-287
Status
published
Products (50)
ibm/sterling_multi-channel_fulfillment_solution
8.0
ibm/sterling_selling_and_fulfillment_foundation
8.5
ibm/sterling_selling_and_fulfillment_foundation
9.0
ibm/sterling_selling_and_fulfillment_foundation
9.2.0
ibm/sterling_selling_and_fulfillment_foundation
9.2.0.1
ibm/sterling_selling_and_fulfillment_foundation
9.2.0.2
ibm/sterling_selling_and_fulfillment_foundation
9.2.0.3
ibm/sterling_selling_and_fulfillment_foundation
9.2.0.4
ibm/sterling_selling_and_fulfillment_foundation
9.2.0.5
ibm/sterling_selling_and_fulfillment_foundation
9.2.0.6
... and 40 more
Published
May 10, 2013
Tracked Since
Feb 18, 2026