CVE-2013-3043

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21655724	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84769

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:::::::*
	cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:::::::*

History

No history.

Information

Published : 2013-12-14 22:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-3043

Mitre link : CVE-2013-3043

CVE.ORG link : CVE-2013-3043

JSON object : View

Products Affected

ibm

rational_software_architect_design_manager
rhapsody_design_manager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-3043", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-14T22:55:02.770", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en el cliente de IBM Rational Software Architect Manager y Rhapsody Design Manager 3.x y 4.x (anteriores a 4.0.5) permite a usuarios locales leer archivos de forma arbitraria a trav\u00e9s de vectores que involucran archivos temporales."}], "lastModified": "2017-08-29T01:33:21.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6"}, {"criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}