First published: Fri Jan 10 2014(Updated: )
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Atlas eDiscovery Process Management | <=6.0.1.5 | |
IBM Atlas eDiscovery Process Management | =6.0.2 | |
IBM Atlas Suite | ||
IBM Disposal and Governance Management for IT | <=6.0.1.5 | |
IBM Disposal and Governance Management for IT | =6.0.2 | |
IBM Global Retention Policy and Schedule Management | <=6.0.1.5 | |
IBM Global Retention Policy and Schedule Management | =6.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.