PT-2013-4798 · Ibm · Infosphere Optim Configuration Manager+3
Publicado
2013-09-25
·
Atualizado
2017-08-29
·
CVE-2013-4024
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Data Studio Web Console versions 3.x before 3.2
Optim Performance Manager versions 5.x before 5.2
InfoSphere Optim Configuration Manager versions 2.x before 2.2
DB2 Recovery Expert versions 2.x
Description
The issue allows remote attackers to read session cookies by sniffing the network, as the affected software supports HTTP access to the Web Console.
Recommendations
For IBM Data Studio Web Console versions 3.x before 3.2, update to version 3.2 or later.
For Optim Performance Manager versions 5.x before 5.2, update to version 5.2 or later.
For InfoSphere Optim Configuration Manager versions 2.x before 2.2, update to version 2.2 or later.
For DB2 Recovery Expert versions 2.x, update to a version that does not support HTTP access to the Web Console or ensures encrypted communication.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Db2 Recovery Expert
Ibm Data Studio Web Console
Infosphere Optim Configuration Manager
Optim Performance Manager