Lucene search

[email protected]CVE-2013-0513

HistoryMar 29, 2013 - 4:09 p.m.

CVE-2013-0513

2013-03-2916:09:03

[email protected]

web.nvd.nist.gov

ibm

security

appscan enterprise

rational policy tester

vulnerability

privilege escalation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an “Unquoted Service Path Enumeration” vulnerability.

Affected configurations

NVD

Node

ibmsecurity_appscanMatch5.6.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.1-enterprise

ibmsecurity_appscanMatch8.0.0.2-enterprise

ibmsecurity_appscanMatch8.0.1.0-enterprise

ibmsecurity_appscanMatch8.0.1.1-enterprise

ibmsecurity_appscanMatch8.0.11-enterprise

ibmsecurity_appscanMatch8.5.0.0-enterprise

ibmsecurity_appscanMatch8.5.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.0-enterprise

ibmsecurity_appscanMatch8.6.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.2-enterprise

Node

ibmrational_policy_testerMatch5.6.0.0

ibmrational_policy_testerMatch8.0.0.0

ibmrational_policy_testerMatch8.0.0.1

ibmrational_policy_testerMatch8.0.0.2

ibmrational_policy_testerMatch8.0.1.0

ibmrational_policy_testerMatch8.0.1.1

ibmrational_policy_testerMatch8.5.0.0

ibmrational_policy_testerMatch8.5.0.1

ibmrational_policy_testerMatch8.5.0.2

ibmrational_policy_testerMatch8.5.0.3

CPENameOperatorVersion
ibm:security_appscanibm security appscaneq5.6.0.0
ibm:security_appscanibm security appscaneq8.0.0.0
ibm:security_appscanibm security appscaneq8.0.0.1
ibm:security_appscanibm security appscaneq8.0.0.2
ibm:security_appscanibm security appscaneq8.0.1.0
ibm:security_appscanibm security appscaneq8.0.1.1
ibm:security_appscanibm security appscaneq8.0.11
ibm:security_appscanibm security appscaneq8.5.0.0
ibm:security_appscanibm security appscaneq8.5.0.1
ibm:security_appscanibm security appscaneq8.6.0.0

CPE	Name	Operator	Version
ibm:security_appscan	ibm security appscan	eq	5.6.0.0
ibm:security_appscan	ibm security appscan	eq	8.0.0.0
ibm:security_appscan	ibm security appscan	eq	8.0.0.1
ibm:security_appscan	ibm security appscan	eq	8.0.0.2
ibm:security_appscan	ibm security appscan	eq	8.0.1.0
ibm:security_appscan	ibm security appscan	eq	8.0.1.1
ibm:security_appscan	ibm security appscan	eq	8.0.11
ibm:security_appscan	ibm security appscan	eq	8.5.0.0
ibm:security_appscan	ibm security appscan	eq	8.5.0.1
ibm:security_appscan	ibm security appscan	eq	8.6.0.0