Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-6334

Опубликовано: 10 янв. 2014
Источник: nvd
CVSS2: 6.4
EPSS Низкий

Описание

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:atlas_ediscovery_process_management:*:*:*:*:*:*:*:*
Версия до 6.0.1.5 (включая)
cpe:2.3:a:ibm:atlas_ediscovery_process_management:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:atlas_suite:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:disposal_and_governance_management_for_it:*:*:*:*:*:*:*:*
Версия до 6.0.1.5 (включая)
cpe:2.3:a:ibm:disposal_and_governance_management_for_it:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:global_retention_policy_and_schedule_management:*:*:*:*:*:*:*:*
Версия до 6.0.1.5 (включая)
cpe:2.3:a:ibm:global_retention_policy_and_schedule_management:6.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00181
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-g446-343g-jrpr

github
больше 3 лет назад

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.

EPSS

Процентиль: 40%
0.00181
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-20