CVE-2013-4025

Name of the Vulnerable Software and Affected Versions IBM Data Studio Web Console versions 3.x before 3.2 Optim Performance Manager versions 5.x before 5.2 InfoSphere Optim Configuration Manager versions 2.x before 2.2 DB2 Recovery Expert versions 2.x

Description The issue makes it easier for remote attackers to obtain access by leveraging an unattended workstation, due to the lack of an off autocomplete attribute for the login-password field.

Recommendations For IBM Data Studio Web Console versions 3.x before 3.2, update to version 3.2 or later. For Optim Performance Manager versions 5.x before 5.2, update to version 5.2 or later. For InfoSphere Optim Configuration Manager versions 2.x before 2.2, update to version 2.2 or later. For DB2 Recovery Expert versions 2.x, at the moment, there is no information about a newer version that contains a fix for this issue.