CVE-2013-3043: Path Traversal
First published: Sat Dec 14 2013(Updated: )
Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Software Architect | =3.0.0 | |
| IBM Rational Software Architect | =3.0.0.1 | |
| IBM Rational Software Architect | =3.0.1 | |
| IBM Rational Software Architect | =4.0.0 | |
| IBM Rational Software Architect | =4.0.1 | |
| IBM Rational Software Architect | =4.0.2 | |
| IBM Rational Software Architect | =4.0.3 | |
| IBM Rational Software Architect | =4.0.4 | |
| IBM Rational Rhapsody | =3.0.0 | |
| IBM Rational Rhapsody | =3.0.0.1 | |
| IBM Rational Rhapsody | =3.0.1 | |
| IBM Rational Rhapsody | =4.0.0 | |
| IBM Rational Rhapsody | =4.0.1 | |
| IBM Rational Rhapsody | =4.0.2 | |
| IBM Rational Rhapsody | =4.0.3 | |
| IBM Rational Rhapsody | =4.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3043?
CVE-2013-3043 has a medium severity rating due to its potential to allow unauthorized local file access.
How do I fix CVE-2013-3043?
To fix CVE-2013-3043, upgrade to IBM Rational Software Architect Design Manager or Rhapsody Design Manager version 4.0.5 or later.
Who is affected by CVE-2013-3043?
CVE-2013-3043 affects local users of IBM Rational Software Architect Design Manager and Rhapsody Design Manager versions 3.x and 4.x prior to 4.0.5.
What can attackers do with CVE-2013-3043?
Attackers exploiting CVE-2013-3043 can read arbitrary files on the system via directory traversal techniques.
When was CVE-2013-3043 disclosed?
CVE-2013-3043 was disclosed in April 2013.
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational software architect
- version/ibm rational software architect/3.0.0
- version/ibm rational software architect/3.0.0.1
- version/ibm rational software architect/3.0.1
- version/ibm rational software architect/4.0.0
- version/ibm rational software architect/4.0.1
- version/ibm rational software architect/4.0.2
- version/ibm rational software architect/4.0.3
- version/ibm rational software architect/4.0.4
- canonical/ibm rational rhapsody
- version/ibm rational rhapsody/3.0.0
- version/ibm rational rhapsody/3.0.0.1
- version/ibm rational rhapsody/3.0.1
- version/ibm rational rhapsody/4.0.0
- version/ibm rational rhapsody/4.0.1
- version/ibm rational rhapsody/4.0.2
- version/ibm rational rhapsody/4.0.3
- version/ibm rational rhapsody/4.0.4