Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0513

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2013-0513
Last Modified 29 Mar 2013 01:24:59
Published 29 Mar 2013 12:09:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2013-0513

Summary

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.

Vulnerable Systems

Application

  • Ibm Rational Policy Tester 5.6.0.0

  • Ibm Rational Policy Tester 8.0.0.0

  • Ibm Rational Policy Tester 8.0.0.1

  • Ibm Rational Policy Tester 8.0.0.2

  • Ibm Rational Policy Tester 8.0.1.0

  • Ibm Rational Policy Tester 8.0.1.1

  • Ibm Rational Policy Tester 8.5.0.0

  • Ibm Rational Policy Tester 8.5.0.1

  • Ibm Rational Policy Tester 8.5.0.2

  • Ibm Rational Policy Tester 8.5.0.3

  • Ibm Security Appscan 5.6.0.0

  • Ibm Security Appscan 8.0.0.0

  • Ibm Security Appscan 8.0.0.1

  • Ibm Security Appscan 8.0.0.2

  • Ibm Security Appscan 8.0.1.0

  • Ibm Security Appscan 8.0.1.1

  • Ibm Security Appscan 8.0.11

  • Ibm Security Appscan 8.5.0.0

  • Ibm Security Appscan 8.5.0.1

  • Ibm Security Appscan 8.6.0.0

  • Ibm Security Appscan 8.6.0.1

  • Ibm Security Appscan 8.6.0.2


References

XF - appscan-svc-path-priv-esc(82594)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21631304

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21626264


Last Updated: 27 May 2016 11:02:09