CVE-2013-3993
MEDIUM KEV RANSOMWARE
IBM InfoSphere BigInsights < 2.1.0.3 - Authenticated Path Traversal via API Parameters
Title source: llm
Exploitation Summary
CVE-2013-3993 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022, with confirmed use in ransomware campaigns.
Description
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.
References (5)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3993
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59676
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68449
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84982
Broken Link, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21677445
Scores
CVSS v3
6.5
EPSS
0.2649
EPSS Percentile
96.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-05-25
VulnCheck KEV
2022-01-26
InTheWild.io
2022-05-25
ENISA EUVD
EUVD-2013-3925
Ransomware Use
Confirmed
CWE
CWE-22
Status
published
Products (1)
ibm/infosphere_biginsights
< 2.1.0.3
Published
Jul 07, 2014
KEV Added
May 25, 2022
Tracked Since
Feb 18, 2026