CVE-2014-6148

EUVD-2014-6034
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_application_dependency_discovery_manager
7.2.0.0
ibmtivoli_application_dependency_discovery_manager
7.2.0.1
ibmtivoli_application_dependency_discovery_manager
7.2.0.2
ibmtivoli_application_dependency_discovery_manager
7.2.0.3
ibmtivoli_application_dependency_discovery_manager
7.2.0.4
ibmtivoli_application_dependency_discovery_manager
7.2.0.5
ibmtivoli_application_dependency_discovery_manager
7.2.0.6
ibmtivoli_application_dependency_discovery_manager
7.2.0.7
ibmtivoli_application_dependency_discovery_manager
7.2.0.8
ibmtivoli_application_dependency_discovery_manager
7.2.0.9
ibmtivoli_application_dependency_discovery_manager
7.2.0.10
ibmtivoli_application_dependency_discovery_manager
7.2.1
ibmtivoli_application_dependency_discovery_manager
7.2.1.1
ibmtivoli_application_dependency_discovery_manager
7.2.1.2
ibmtivoli_application_dependency_discovery_manager
7.2.1.3
ibmtivoli_application_dependency_discovery_manager
7.2.1.4
ibmtivoli_application_dependency_discovery_manager
7.2.1.5
ibmtivoli_application_dependency_discovery_manager
7.2.1.6
ibmtivoli_application_dependency_discovery_manager
7.2.2
ibmtivoli_application_dependency_discovery_manager
7.2.2.1
ibmtivoli_application_dependency_discovery_manager
7.2.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918