CVE-2012-4816

Published Dec 26, 2012

Last updated 3 months ago

CVSS info 7.5

Overview

Description: IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5A9F44C-C660-47BB-ADD5-B9797F33E841"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66D7E002-4DE7-4BB6-9A30-A6869F7B0124"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2F4869C-39FD-43F9-994A-7304D84840B4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A70C3F8A-55E0-46C1-B927-B2DB85A1FEBC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA3679D-81C6-4390-A27F-F4629806BB67"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED9680A6-DC0A-4967-A398-82E36D2D2219"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References