CVE-2012-4816
Published Dec 26, 2012
Last updated 7 years ago
Overview
- Description
- IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5A9F44C-C660-47BB-ADD5-B9797F33E841"
},
{
"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66D7E002-4DE7-4BB6-9A30-A6869F7B0124"
},
{
"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2F4869C-39FD-43F9-994A-7304D84840B4"
},
{
"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A70C3F8A-55E0-46C1-B927-B2DB85A1FEBC"
},
{
"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FA3679D-81C6-4390-A27F-F4629806BB67"
},
{
"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED9680A6-DC0A-4967-A398-82E36D2D2219"
}
],
"operator": "OR"
}
]
}
]