IBM Data Studio Web Console Vulnerability in Network Security
CVE-2013-4024

Currently unrated

Key Information:

Vendor: IBM
Status: Data Studio Web Console; Infosphere Optim Configuration Manager; Optim Performance Manager; Db2 Recovery Expert
Vendor: CVE Published:; 25 September 2013

Summary

IBM Data Studio Web Console, along with several associated products, is vulnerable due to improper handling of HTTP traffic that enables remote attackers to intercept sensitive session cookies. This flaw arises from inadequate security measures in the web console, which can be exploited in a network environment where data is not adequately encrypted, exposing users to potential session hijacking and unauthorized access. Patch updates are available that address these issues by improving the security configurations of the affected services.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21650504

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/85931

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 25, 2013
Vulnerability Reserved
Jun 7, 2013