Session Validation Vulnerability in IBM Atlas Suite Products
CVE-2013-6334

Currently unrated

Key Information:

Vendor: IBM
Status: Global Retention Policy And Schedule Management; Atlas Suite; Disposal And Governance Management For It; Atlas Ediscovery Process Management
Vendor: CVE Published:; 10 January 2014

Summary

IBM Atlas Suite products failed to properly validate user sessions, enabling remote attackers to bypass access restrictions. This flaw can be exploited to access sensitive functionality such as the Compliance Questionnaire Save Draft servlet, potentially compromising data integrity. Users of the affected IBM Atlas Suite products should review their security configurations to mitigate the risks arising from this vulnerability.

References

http://www.ibm.com/connections/blogs/PSIRT/entry/security...

x_refsource_CONFIRM

http://osvdb.org/show/osvdb/101855

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/64751

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 10, 2014
Vulnerability Reserved
Oct 31, 2013