CVE-2013-0532

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 65.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Policy Tester IBM Security Appscan

Timeline

PublishedMar 29

Latest updateMay 5

Description

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/rational_policy_tester10 versions+9

▶NVDibm/security_appscan12 versions+11

🔴Vulnerability Details

GHSA

GHSA-gf4r-j8r8-2g8j: Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5↗2022-05-05

▶

CVEList

CVE-2013-0532: Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5↗2013-03-29

▶

💬Community

Bugzilla

CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)↗2013-02-20

▶