CVE-2013-6334
IBM Atlas Suite - Unauthenticated Access Control Bypass via Compliance Questionnaire Save Draft Servlet
Title source: llmDescription
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_atlas_suite_atlas_policy_suite_sql_injection_vulnerability_cve_2013_6321_and_access_control_vulnerability_cve_2013_6334
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/101855
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64751
Scores
EPSS
0.0136
EPSS Percentile
68.4%
Details
CWE
CWE-20
Status
published
Products (7)
ibm/atlas_ediscovery_process_management
6.0.2
ibm/atlas_ediscovery_process_management
< 6.0.1.5
ibm/atlas_suite
ibm/disposal_and_governance_management_for_it
6.0.2
ibm/disposal_and_governance_management_for_it
< 6.0.1.5
ibm/global_retention_policy_and_schedule_management
6.0.2
ibm/global_retention_policy_and_schedule_management
< 6.0.1.5
Published
Jan 10, 2014
Tracked Since
Feb 18, 2026