Authorization Bypass in IBM Rational Policy Tester Affects Remote User Access
CVE-2013-4061

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Policy Tester
Vendor: CVE Published:; 9 September 2013

Summary

IBM Rational Policy Tester 8.5 prior to version 8.5.0.5 contains a vulnerability that fails to adequately verify user authorization when changes are made to the set of authentication hosts. This oversight permits remote authenticated users to carry out spoofing attacks, potentially redirecting HTTP requests through unspecified vectors and compromising security measures.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21648481

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/86585

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 9, 2013
Vulnerability Reserved
Jun 7, 2013