CVE-2013-6334

Currently unrated

Key Information:

Vendor: IBM
Status: Global Retention Policy And Schedule Management; Atlas Suite; Disposal And Governance Management For It; Atlas Ediscovery Process Management
Vendor: CVE Published:; 10 January 2014

Summary

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.

References

http://www.ibm.com/connections/blogs/PSIRT/entry/security...

x_refsource_CONFIRM

http://osvdb.org/show/osvdb/101855

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/64751

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 10, 2014
Vulnerability Reserved
Oct 31, 2013