CVE-2013-3018

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 64.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Application Dependency Discovery Manager

Timeline

PublishedMay 24

Latest updateMay 14

Description

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDibm/tivoli_application_dependency_discovery_manager7.2.0 — 7.2.1.4+1

🔴Vulnerability Details

GHSA

GHSA-xg7r-h2rr-v552: The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7↗2022-05-14

▶

CVEList

CVE-2013-3018: The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7↗2018-05-24

▶