
CVE-2013-3993

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 07 July 2014
Modified: 21 April 2026
KEV Added: 25 May 2022
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2649 (96.4th percentile)
Risk Priority: 49 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-3993 is a medium-severity Path Traversal (CWE-22) vulnerability in IBM InfoSphere BigInsights. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 3.6% of CVEs by exploit likelihood (EPSS 0.2649, 96.4th percentile), and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

IBM InfoSphere BigInsights versions prior to 2.1.0.3 contain a path traversal vulnerability tracked as CVE-2013-3993 and assigned CWE-22. The flaw resides in unspecified API calls that accept crafted parameters, enabling improper access to files and directories outside intended boundaries.

Remote authenticated users can exploit the issue over the network with low attack complexity to bypass file and directory restrictions or retrieve untrusted data and code. The CVSS 3.1 score of 6.5 reflects high confidentiality impact (C:H) for a network-reachable attacker holding low-privilege credentials (PR:L), with no user interaction required (UI:N) and no impact on integrity or availability.

IBM advisory swg21677445 and related Secunia entries direct administrators to upgrade to BigInsights 2.1.0.3 or later to address the exposure. No public reports of in-the-wild exploitation appear in the referenced sources, although the CISA KEV listing (added 25 May 2022) indicates that exploitation has since been observed.

EU & UK References

Vulnerability details

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.

CWE(s): CWE-22 (Path Traversal)
KEV Date Added: 25 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

IBM InfoSphere BigInsights, versions ≤ 2.1.0.3 as listed in the asset record (the vulnerability description above specifies versions before 2.1.0.3, with 2.1.0.3 being the fixed release).

Mitigating Controls (NIST 800-53 r5)

Prevent: AC-3 (Access Enforcement). Directly enforces intended file and directory access restrictions that the path-traversal API calls bypass.

Prevent: SI-10 (Information Input Validation). Validates API parameters to block crafted inputs that enable path traversal outside authorized boundaries.

Prevent: Enforces information-flow rules that would otherwise allow unauthorized retrieval of files, directories, or untrusted code.

References