Vulnerability Description
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Automation Framework | 3.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21620359Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78379
- http://www-01.ibm.com/support/docview.wss?uid=swg21620359Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78379
FAQ
What is CVE-2012-4816?
CVE-2012-4816 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots ...
How severe is CVE-2012-4816?
CVE-2012-4816 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4816?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Automation Framework.