CVE-2013-4062

Published: Sep 9, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate.

Affected (5)

Products: Ibm: Rational Policy Tester

Ibm

1 product

Rational Policy Tester

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Policy Tester	Version 8.5.0.0
Ibm Rational Policy Tester	Version 8.5.0.1
Ibm Rational Policy Tester	Version 8.5.0.2
Ibm Rational Policy Tester	Version 8.5.0.3
Ibm Rational Policy Tester	Version 8.5.0.4

Related CWEs

CWE-310

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21648481

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/86586

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21648481

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/86586

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.