CVE-2012-4816

{"id": "CVE-2012-4816", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-26T18:55:01.220", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620359", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78379", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620359", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78379", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080."}, {"lang": "es", "value": "IBM Rational Automation Framework (RAF) v3.x hasta v3.0.0.5 permite a atacantes remotos evitar las restricciones de acceso a Env Gen Wizard (Asistente para la Generaci\u00f3n de entorno) al visitar ra\u00edces de contexto en sesiones HTTP en el puerto 8080.\r\n"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A9F44C-C660-47BB-ADD5-B9797F33E841"}, {"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66D7E002-4DE7-4BB6-9A30-A6869F7B0124"}, {"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2F4869C-39FD-43F9-994A-7304D84840B4"}, {"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A70C3F8A-55E0-46C1-B927-B2DB85A1FEBC"}, {"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FA3679D-81C6-4390-A27F-F4629806BB67"}, {"criteria": "cpe:2.3:a:ibm:rational_automation_framework:3.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9680A6-DC0A-4967-A398-82E36D2D2219"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}