Vulnerability Description
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Application Dependency Discovery Manager | 7.2.1.1 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg21662955Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83877
- http://www.ibm.com/support/docview.wss?uid=swg21662955Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83877
FAQ
What is CVE-2013-2974?
CVE-2013-2974 is a vulnerability with a CVSS score of 7.5 (HIGH). The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration ...
How severe is CVE-2013-2974?
CVE-2013-2974 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2974?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Application Dependency Discovery Manager.