PT-2013-4798 · Ibm · Infosphere Optim Configuration Manager+3
Published
2013-09-25
·
Updated
2017-08-29
·
CVE-2013-4024
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Data Studio Web Console versions 3.x before 3.2
Optim Performance Manager versions 5.x before 5.2
InfoSphere Optim Configuration Manager versions 2.x before 2.2
DB2 Recovery Expert versions 2.x
Description
The issue allows remote attackers to read session cookies by sniffing the network, as the affected software supports HTTP access to the Web Console.
Recommendations
For IBM Data Studio Web Console versions 3.x before 3.2, update to version 3.2 or later.
For Optim Performance Manager versions 5.x before 5.2, update to version 5.2 or later.
For InfoSphere Optim Configuration Manager versions 2.x before 2.2, update to version 2.2 or later.
For DB2 Recovery Expert versions 2.x, update to a version that does not support HTTP access to the Web Console or ensures encrypted communication.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Db2 Recovery Expert
Ibm Data Studio Web Console
Infosphere Optim Configuration Manager
Optim Performance Manager