Information Disclosure in IBM Tivoli Application Dependency Discovery Manager
CVE-2013-3023

8.1HIGH

Key Information:

Vendor: IBM
Status: Tivoli Application Dependency Discovery Manager
Vendor: CVE Published:; 24 May 2018

What is CVE-2013-3023?

An information disclosure vulnerability in IBM Tivoli Application Dependency Discovery Manager versions 7.1.2 and 7.2.0 through 7.2.1.4 may allow remote attackers to capture sensitive information. Attackers could exploit unencrypted HTTP sessions to retrieve Tomcat credentials by monitoring network traffic. This vulnerability highlights the importance of using secure protocols for sensitive communications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84361

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21672388

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
Apr 12, 2013