CVE-2013-5397
CVE-2013-5397 is a low-severity vulnerability in Ibm Rational Focal Point with a CVSS 2.0 base score of 3.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Low (CVSS 2.0 base score 3.3)
- EPSS exploit prediction: 1% (44th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Ibm Rational Focal Point
- Published:
- Last modified:
Description
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.
Frequently asked questions
- What is CVE-2013-5397?
- Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.
- How severe is CVE-2013-5397?
- CVE-2013-5397 has a CVSS 2.0 base score of 3.3, rated low severity.
- Is CVE-2013-5397 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (44th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-5397?
- CVE-2013-5397 primarily affects Ibm Rational Focal Point. In total, 8 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-5397?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2013-5397 published?
- CVE-2013-5397 was published on 2013-12-18 and last updated on 2026-06-16.
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21654471
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87293
Affected products (8)
- cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_focal_point:6.6.1:*:*:*:*:*:*:*
More vulnerabilities in Ibm Rational Focal Point
- CVE-2014-0841 — Medium (CVSS 5.3): IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it…
- CVE-2014-0842 — Medium (CVSS 5.0): The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1…
- CVE-2013-3025 — Medium (CVSS 4.3): Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow…
- CVE-2014-0839 — Medium (CVSS 4.0): IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to…
- CVE-2014-0853 — Low (CVSS 3.5): Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM…
- CVE-2014-0843 — Low (CVSS 3.5): Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before…