{"api_version":"1","generated_at":"2026-05-14T11:01:19+00:00","cve":"CVE-2013-5400","urls":{"html":"https://cve.report/CVE-2013-5400","api":"https://cve.report/api/cve/CVE-2013-5400.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-5400","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-5400"},"summary":{"title":"CVE-2013-5400","description":"An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain \"local environment\" access via unknown vectors.","state":"PUBLISHED","assigner":"ibm","published_at":"2014-02-14 13:10:30","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-255","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564","name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"IBM Security Bulletin: IBM Platform Symphony (CVE-2013-5400) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87296","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87296","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-5400","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5400","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"5400","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"platform_symphony","cpe6":"5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"developer","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"5400","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"platform_symphony","cpe6":"6.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"developer","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"5400","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"platform_symphony","cpe6":"6.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"developer","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2013","cve_id":"5400","cve":"CVE-2013-5400","epss":"0.023690000","percentile":"0.850210000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:11"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T17:06:52.415Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ibm-symphony-cve20135400-code-exec(87296)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87296"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-02-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain \"local environment\" access via unknown vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"name":"ibm-symphony-cve20135400-code-exec(87296)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87296"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2013-5400","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain \"local environment\" access via unknown vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ibm-symphony-cve20135400-code-exec(87296)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87296"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564"}]}}}},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2013-5400","datePublished":"2014-02-14T02:00:00.000Z","dateReserved":"2013-08-22T00:00:00.000Z","dateUpdated":"2024-08-06T17:06:52.415Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-02-14 13:10:30","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-255","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:platform_symphony:5.2:*:*:*:developer:*:*:*","matchCriteriaId":"EBBB2174-B82A-4129-9ADB-A8AB28833992"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:platform_symphony:6.1.0:*:*:*:developer:*:*:*","matchCriteriaId":"74818384-5D69-4832-933E-1376928D3774"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:platform_symphony:6.1.1:*:*:*:developer:*:*:*","matchCriteriaId":"FFA668AD-763A-4AC1-A6C2-AACB872A5EF4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"5400","Ordinal":"1","Title":"CVE-2013-5400","CVE":"CVE-2013-5400","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"5400","Ordinal":"1","NoteData":"An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain \"local environment\" access via unknown vectors.","Type":"Description","Title":"CVE-2013-5400"},{"CveYear":"2013","CveId":"5400","Ordinal":"2","NoteData":"2014-02-13","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"5400","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}