A new vulnerability has been found that affects IBM Rational Performance Tester 8.5.0.0 and earlier versions. The type of attack is called clickjacking. This vulnerability allows an attacker to create a malicious link to the documentation that injects arbitrary content into the main frame. The attack does not require any authentication and may be exploited remotely if the HTML documentation is reachable over the network.
The impact is a compromise of data integrity.
CVEID: CVE-2013-1571
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84715 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
AFFECTED PRODUCTS AND VERSIONS:
IBM Rational Performance Tester version 8.5.0.0 and earlier
REMEDIATION:
Users hosting publicly facing Java API Documentation are strongly encouraged to use Oracle's Java API Documentation Updater Tool, a repair-in-place tool meant to correct existing documentation.
The Tool is available to all Java users on www.oracle.com/technetwork/java/javase/downloads/
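To find documentation trees that still need the repair, the following added example (not part of the IBM bulletin or Oracle's tool) walks a directory and flags Javadoc frameset pages that load a page named in the URL query string without a validation function. The marker strings, the file names and the validURL check it looks for are assumptions about Javadoc-generated pages, and the sample pages are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers; assumptions based on Javadoc-generated frameset pages,
# not strings taken from the advisory.
READS_QUERY = re.compile(r"window\.location\.search")
SETS_FRAME = re.compile(r"classFrame\.location\s*=")
VALIDATES = re.compile(r"function\s+validURL\s*\(")
FRAMESET_NAMES = {"index.html", "index.htm"}  # assumed file names

def classify(html: str) -> str:
    """Label one page: 'needs-repair', 'patched' or 'not-frameset'."""
    if not (READS_QUERY.search(html) and SETS_FRAME.search(html)):
        return "not-frameset"
    return "patched" if VALIDATES.search(html) else "needs-repair"

def scan(root) -> dict:
    """Map each frameset candidate under root to its classification."""
    root = Path(root)
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.name.lower() in FRAMESET_NAMES:
            html = path.read_text(encoding="utf-8", errors="replace")
            results[path.relative_to(root).as_posix()] = classify(html)
    return results

# Constructed sample pages (not copied from any product's documentation).
UNPATCHED = """<html><head><script type="text/javascript">
targetPage = "" + window.location.search;
function loadFrames() { top.classFrame.location = top.targetPage; }
</script></head></html>"""
PATCHED = UNPATCHED.replace(
    "function loadFrames",
    "function validURL(url) { /* allow-list check */ }\nfunction loadFrames")

def demo() -> dict:
    """Build a throwaway docs tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        pages = {"old/api/index.html": UNPATCHED,
                 "new/api/index.html": PATCHED,
                 "site/index.html": "<html><body>home</body></html>"}
        for rel, body in pages.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text(body, encoding="utf-8")
        return scan(tmp)

if __name__ == "__main__":
    for page, status in demo().items():
        print(f"{status:13} {page}")
```

Pages reported as needs-repair are the ones to run through the Updater Tool; rescanning afterwards should show them as patched.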
Workaround(s):
None
Mitigation(s):
None
REFERENCES:
- Complete CVSS Guide
- On-line Calculator V2
- CVE-2013-1571
- X-Force Vulnerability Database http://xforce.iss.net/xforce/xfdb/84715
- http://www-01.ibm.com/support/docview.wss?uid=swg21642878&myns=swgrat&mynp=OCSSMMM5&mync=E