Multiple IBM Products CVE-2013-0532 Cross Site Request Forgery Vulnerability

Bugtraq ID:	58683
Class:	Input Validation Error
CVE:	CVE-2013-0532
Remote:	Yes
Local:	No
Published:	Mar 25 2013 12:00AM
Updated:	Mar 25 2013 12:00AM
Credit:	IBM
Vulnerable:	IBM Rational Policy Tester 8.5.0.1 IBM Rational Policy Tester 8.5 IBM Rational AppScan Enterprise 8.5.0.1 IBM Rational AppScan Enterprise 8.0.1.1 IBM Rational AppScan Enterprise 8.0.1 IBM Rational AppScan Enterprise 8.0.0.1 IBM Rational AppScan Enterprise 8.0.0
Not Vulnerable:

Multiple IBM Products CVE-2013-0532 Cross Site Request Forgery Vulnerability

Multiple IBM products are prone to a cross-site request-forgery vulnerability because they fail to properly validate HTTP requests.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

The following product versions are affected:

Rational AppScan Enterprise versions 5.6 through 8.6.0.2
Rational Policy Tester versions 5.6 through 8.5.0.3

Multiple IBM Products CVE-2013-0532 Cross Site Request Forgery Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Multiple IBM Products CVE-2013-0532 Cross Site Request Forgery Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple IBM Products CVE-2013-0532 Cross Site Request Forgery Vulnerability

References:

• IBM Homepage (IBM)
  
• Rational AppScan Enterprise Homepage (IBM)