Lucene search

IbmCVE-2013-0474

HistoryMar 29, 2013 - 4:09 p.m.

CVE-2013-0474

2013-03-2916:09:00

CWE-200

ibm

web.nvd.nist.gov

cve-2013-0474

ibm security appscan

rational policy tester

remote attack

authentication credentials

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site.

Affected configurations

Nvd

Node

ibmsecurity_appscanMatch5.6.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.1-enterprise

ibmsecurity_appscanMatch8.0.0.2-enterprise

ibmsecurity_appscanMatch8.0.1.0-enterprise

ibmsecurity_appscanMatch8.0.1.1-enterprise

ibmsecurity_appscanMatch8.0.11-enterprise

ibmsecurity_appscanMatch8.5.0.0-enterprise

ibmsecurity_appscanMatch8.5.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.0-enterprise

ibmsecurity_appscanMatch8.6.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.2-enterprise

Node

ibmrational_policy_testerMatch5.6.0.0

ibmrational_policy_testerMatch8.0.0.0

ibmrational_policy_testerMatch8.0.0.1

ibmrational_policy_testerMatch8.0.0.2

ibmrational_policy_testerMatch8.0.1.0

ibmrational_policy_testerMatch8.0.1.1

ibmrational_policy_testerMatch8.5.0.0

ibmrational_policy_testerMatch8.5.0.1

ibmrational_policy_testerMatch8.5.0.2

ibmrational_policy_testerMatch8.5.0.3

VendorProductVersionCPE
ibmsecurity_appscan5.6.0.0cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.0cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.1cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.2cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.1.0cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.1.1cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.11cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.5.0.0cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.5.0.1cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.6.0.0cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_appscan	5.6.0.0	cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:::::*
ibm	security_appscan	8.0.0.0	cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:::::*
ibm	security_appscan	8.0.0.1	cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:::::*
ibm	security_appscan	8.0.0.2	cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:::::*
ibm	security_appscan	8.0.1.0	cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:::::*
ibm	security_appscan	8.0.1.1	cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:::::*
ibm	security_appscan	8.0.11	cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:::::*
ibm	security_appscan	8.5.0.0	cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:::::*
ibm	security_appscan	8.5.0.1	cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:::::*
ibm	security_appscan	8.6.0.0	cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:::::*

Rows per page:

1-10 of 221

References

www-01.ibm.com/support/docview.wss?uid=swg21626264

www-01.ibm.com/support/docview.wss?uid=swg21631304

exchange.xforce.ibmcloud.com/vulnerabilities/81338

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

Related for CVE-2013-0474