CVE-2013-2974

CWE-264 | 3 documents | 3 sources
Severity
7.5 HIGH
EPSS
0.2%
top 64.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 29
Latest update: May 17

Description

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1)

Vulnerability Details (2)

GHSA
GHSA-mp5w-m5wf-mm52: The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7 | 2022-05-17
CVEList
CVE-2013-2974: The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7 | 2014-01-29