Web Console Vulnerability in IBM Data Studio and Related Products
CVE-2013-4025

Currently unrated

Key Information:

Vendor: IBM
Status: Data Studio Web Console; Infosphere Optim Configuration Manager; Optim Performance Manager; Db2 Recovery Expert
Vendor: CVE Published:; 25 September 2013

Summary

The IBM Data Studio Web Console and related IBM products lack the 'off' autocomplete attribute for their login-password fields. This oversight allows remote attackers to exploit unattended workstations more easily, potentially gaining unauthorized access to sensitive data and systems. Users and organizations utilizing these products should take immediate steps to mitigate the risks involved.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21650504

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/85933

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 25, 2013
Vulnerability Reserved
Jun 7, 2013