CVE-2013-3042

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21655724	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84768

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:::::::*

History

No history.

Information

Published : 2013-12-14 22:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-3042

Mitre link : CVE-2013-3042

CVE.ORG link : CVE-2013-3042

JSON object : View

Products Affected

ibm

rational_software_architect_design_manager
rhapsody_design_manager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-3042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-14T22:55:02.740", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en el servidor IBM Rational Software Architect Design Manager y Rhapsody Design Manager 3.x y 4.x (anteriores a 4.0.5) permite a usuarios locales leer archivos a traves de vectores que involucran archivos temporales."}], "lastModified": "2017-08-29T01:33:21.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}