CVE-2013-3023: Infoleak
First published: Thu May 24 2018(Updated: )
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Application Dependency Discovery Manager | >=7.2.0<=7.2.1.4 | |
| IBM Tivoli Application Dependency Discovery Manager | =7.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2013-3023.
What is the severity of CVE-2013-3023?
The severity of CVE-2013-3023 is high with a CVSS score of 8.1.
What software is affected by CVE-2013-3023?
IBM Tivoli Application Dependency Discovery Manager versions 7.1.2 and 7.2.0 through 7.2.1.4 are affected by CVE-2013-3023.
How can remote attackers exploit CVE-2013-3023?
Remote attackers can exploit CVE-2013-3023 by sniffing the network for a session in which HTTP is used to obtain sensitive information about Tomcat credentials.
Where can I find more information about CVE-2013-3023?
You can find more information about CVE-2013-3023 at the following references: [IBM Support](http://www-01.ibm.com/support/docview.wss?uid=swg21672388) and [IBM X-Force](https://exchange.xforce.ibmcloud.com/vulnerabilities/84361).
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- vendor/ibm
- canonical/ibm tivoli application dependency discovery manager
- version/ibm tivoli application dependency discovery manager/7.2.0
- version/ibm tivoli application dependency discovery manager/7.2.1.4
- version/ibm tivoli application dependency discovery manager/7.1.2