CVE-2013-6334

Name of the Vulnerable Software and Affected Versions IBM Atlas eDiscovery Process Management versions 6.0.1.5 and earlier and 6.0.2 Disposal and Governance Management for IT versions 6.0.1.5 and earlier and 6.0.2 Global Retention Policy and Schedule Management versions 6.0.1.5 and earlier and 6.0.2

Description The issue allows remote attackers to bypass intended access restrictions due to improper session validation. This can lead to unauthorized access to the "PolicyAtlas/ResponseDraftServlet" (also known as the Compliance Questionnaire Save Draft servlet) via unspecified vectors.

Recommendations For IBM Atlas eDiscovery Process Management versions 6.0.1.5 and earlier and 6.0.2, update to a version that properly validates sessions. For Disposal and Governance Management for IT versions 6.0.1.5 and earlier and 6.0.2, update to a version that properly validates sessions. For Global Retention Policy and Schedule Management versions 6.0.1.5 and earlier and 6.0.2, update to a version that properly validates sessions. As a temporary workaround, consider restricting access to the PolicyAtlas/ResponseDraftServlet to minimize the risk of exploitation.