CVE-2013-3018

Published: May 24, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

Affected (2)

Products: Ibm: Tivoli Application Dependency Discovery Manager

1 product

Tivoli Application Dependency Discovery Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Application Dependency Discovery Manager	From 7.2.0 to 7.2.1.4
Ibm Tivoli Application Dependency Discovery Manager	Version 7.1.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21672403

Source: psirt@us.ibm.com

MitigationVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/84354

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21672403

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/84354

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.