Authorization Bypass in IBM Tivoli Application Dependency Discovery Manager
CVE-2013-2974

Currently unrated

Key Information:

Vendor: IBM

CVE Published: 29 January 2014

Summary

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) provides input fields that can be exploited by remote authenticated users. By manipulating parameters in the BIRT reporting URL, attackers can bypass authorization checks, gaining elevated privileges that allow them to create or delete reports. This vulnerability may also lead to SQL injection attacks, placing sensitive data and system integrity at risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
