ID CVE-2010-4094
Summary The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:rational_test_lab_manager:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-01-2011 - 06:45)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 44172
misc
osvdb 69008
sectrack 1024601
secunia 41784
vupen ADV-2010-2732
saint via4
bid 44172
description IBM Rational Quality Manager and Test Lab Manager Policy Bypass
title ibm_rational_quality_manager_default_credentials
type remote
Last major update 11-01-2011 - 06:45
Published 26-10-2010 - 18:00
Last modified 11-01-2011 - 06:45