Vulnerability Details : CVE-2012-4816
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
Products affected by CVE-2012-4816
- cpe:2.3:a:ibm:rational_automation_framework:3.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_automation_framework:3.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_automation_framework:3.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_automation_framework:3.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_automation_framework:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_automation_framework:3.0.0.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4816
- EPSS score: 0.39% (probability of exploitation activity in the next 30 days)
- Percentile: ~73% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-4816
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2012-4816
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4816
- http://www-01.ibm.com/support/docview.wss?uid=swg21620359
  IBM Security Bulletin: Rational Automation Framework Environment Wizard Vulnerability (CVE-2012-4816) [Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78379
  IBM Rational Automation Framework Environment Wizard security bypass CVE-2012-4816 Vulnerability Report