CVE-2013-4061

Published: Sep 9, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.

Affected (5)

Products: Ibm: Rational Policy Tester

Ibm

1 product

Rational Policy Tester

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Policy Tester	Version 8.5.0.0
Ibm Rational Policy Tester	Version 8.5.0.1
Ibm Rational Policy Tester	Version 8.5.0.2
Ibm Rational Policy Tester	Version 8.5.0.3
Ibm Rational Policy Tester	Version 8.5.0.4

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21648481

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/86585

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21648481

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/86585

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.