BID:58688

Multiple IBM products CVE-2013-0474 Information Disclosure Vulnerability

Info

Multiple IBM products CVE-2013-0474 Information Disclosure Vulnerability

Bugtraq ID:	58688
Class:	Unknown
CVE:	CVE-2013-0474
Remote:	Yes
Local:	No
Published:	Mar 25 2013 12:00AM
Updated:	Mar 25 2013 12:00AM
Credit:	IBM
Vulnerable:	IBM Rational Policy Tester 8.5.0.1 IBM Rational Policy Tester 8.5 IBM Rational AppScan Enterprise 8.5.0.1 IBM Rational AppScan Enterprise 8.0.1.1 IBM Rational AppScan Enterprise 8.0.1 IBM Rational AppScan Enterprise 8.0.0.1 IBM Rational AppScan Enterprise 8.0.0 IBM Rational AppScan Enterprise 5.5

Not Vulnerable:

Discussion

Multiple IBM products CVE-2013-0474 Information Disclosure Vulnerability

Multiple IBM products are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

The following product versions are vulnerable:

IBM Rational Policy Tester versions 5.6 through 8.5.0.3
IBM Rational AppScan Enterprise versions 8.6 through 8.6.0.2

Exploit / POC

Multiple IBM products CVE-2013-0474 Information Disclosure Vulnerability

To exploit this issue, attackers can use readily available commands or network utilities.

Solution / Fix

Multiple IBM products CVE-2013-0474 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Multiple IBM products CVE-2013-0474 Information Disclosure Vulnerability

References:

IBM Homepage (IBM)
Rational AppScan Enterprise Homepage (IBM)