Lucene search

IbmCVE-2013-0532

HistoryMar 29, 2013 - 4:09 p.m.

CVE-2013-0532

2013-03-2916:09:03

CWE-352

ibm

web.nvd.nist.gov

cve

2013

0532

csrf

vulnerability

ibm

security

appscan

enterprise

rational

policy

tester

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.

Affected configurations

Nvd

Node

ibmsecurity_appscanMatch5.6.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.1-enterprise

ibmsecurity_appscanMatch8.0.0.2-enterprise

ibmsecurity_appscanMatch8.0.1.0-enterprise

ibmsecurity_appscanMatch8.0.1.1-enterprise

ibmsecurity_appscanMatch8.0.11-enterprise

ibmsecurity_appscanMatch8.5.0.0-enterprise

ibmsecurity_appscanMatch8.5.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.0-enterprise

ibmsecurity_appscanMatch8.6.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.2-enterprise

Node

ibmrational_policy_testerMatch5.6.0.0

ibmrational_policy_testerMatch8.0.0.0

ibmrational_policy_testerMatch8.0.0.1

ibmrational_policy_testerMatch8.0.0.2

ibmrational_policy_testerMatch8.0.1.0

ibmrational_policy_testerMatch8.0.1.1

ibmrational_policy_testerMatch8.5.0.0

ibmrational_policy_testerMatch8.5.0.1

ibmrational_policy_testerMatch8.5.0.2

ibmrational_policy_testerMatch8.5.0.3

VendorProductVersionCPE
ibmsecurity_appscan5.6.0.0cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.0cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.1cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.2cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.1.0cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.1.1cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.11cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.5.0.0cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.5.0.1cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.6.0.0cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_appscan	5.6.0.0	cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:::::*
ibm	security_appscan	8.0.0.0	cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:::::*
ibm	security_appscan	8.0.0.1	cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:::::*
ibm	security_appscan	8.0.0.2	cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:::::*
ibm	security_appscan	8.0.1.0	cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:::::*
ibm	security_appscan	8.0.1.1	cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:::::*
ibm	security_appscan	8.0.11	cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:::::*
ibm	security_appscan	8.5.0.0	cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:::::*
ibm	security_appscan	8.5.0.1	cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:::::*
ibm	security_appscan	8.6.0.0	cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:::::*

Rows per page:

1-10 of 221

References

www-01.ibm.com/support/docview.wss?uid=swg21626264

www-01.ibm.com/support/docview.wss?uid=swg21631304

exchange.xforce.ibmcloud.com/vulnerabilities/82595

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Related for CVE-2013-0532