CVE-2013-0532

{"id": "CVE-2013-0532", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-03-29T16:09:03.893", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626264", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631304", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82595", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626264", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631304", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82595", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 y IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios de su elecci\u00f3n para peticiones que provocan una denegaci\u00f3n de servicio a trav\u00e9s de HTTP con formato incorrecto de datos."}], "lastModified": "2024-11-21T01:47:44.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39FC4232-1329-41F1-BA0A-14132DCDB742"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1B610D1-259B-4302-B53C-122B28DC9C3E"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "118823C5-6169-41E3-BD9D-707A11ABF6D0"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FABD7F3A-218B-4C5B-9C59-B70DF12B2636"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D2DFF5-9C7D-4DE6-BF50-6AF81384DF74"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13510F33-FB13-48FA-9D2C-82D633A3C49E"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5019192-0D6B-4BD3-9B51-F1B967F241DA"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8F320A3-9317-4FDA-B1FB-64B70393802D"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "757704EA-B054-4D1C-808F-4EFF34CDB4D9"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EE41CC5-24F1-44D3-A881-628B049C242C"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.6.0.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B20082-EA17-4BE9-AC60-1B8DA726C4A5"}, {"criteria": "cpe:2.3:a:ibm:security_appscan:8.6.0.2:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03408A0D-F784-49CC-8EDC-ACA017AA2524"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_policy_tester:5.6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB783DFB-39C9-45CA-BBCB-8EE880F13579"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97EE9572-3250-4AA1-A6EC-CDFE0B47B43A"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC267C4-83C0-41A0-80DE-E31ADDD842D6"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "838DA33E-980E-4F30-B41F-5088AC8B5E82"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7838763D-3370-44FB-B034-0EFE0120648F"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17354A71-D675-42D2-BEA6-E186E338B118"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6009EF79-F032-4AF3-B88A-CCF756243BD9"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B9869E-B797-4883-87B4-F66BA3940094"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "549B1A85-1912-4CB4-8AB4-8ADE04F89D8C"}, {"criteria": "cpe:2.3:a:ibm:rational_policy_tester:8.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3509EF01-B8F9-404E-86EF-8344EFC16FC2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}