IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21650504 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/85931 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-09-25 03:31
Updated : 2017-08-28 18:33
NVD link : CVE-2013-4024
Mitre link : CVE-2013-4024
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
ibm
- data_studio_web_console
- infosphere_optim_configuration_manager
- optim_performance_manager
- db2_recovery_expert