Vulnerability CVE-2013-6334

Vulnerability CVE-2013-6334

Published: 2014-01-10

Description:

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.4/10	4.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
IBM -> Atlas ediscovery process management
IBM -> Atlas suite
IBM -> Disposal and governance management for it
IBM -> Global retention policy and schedule management

References:

http://www.securityfocus.com/bid/64751

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_atlas_suite_atlas_policy_suite_sql_injection_vulnerability_cve_2013_6321_and_access_control_vulnerability_cve_2013_6334

http://osvdb.org/show/osvdb/101855

Vulnerability CVE-2013-6334

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

6.4/10

4.9/10

10/10

Remote

Low

No required

Partial

Partial

None

Affected software

References: