CVE-2014-6148

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
ibmtivoli_application_dependency_discovery_manager
7.2.0.0
ibmtivoli_application_dependency_discovery_manager
7.2.0.1
ibmtivoli_application_dependency_discovery_manager
7.2.0.2
ibmtivoli_application_dependency_discovery_manager
7.2.0.3
ibmtivoli_application_dependency_discovery_manager
7.2.0.4
ibmtivoli_application_dependency_discovery_manager
7.2.0.5
ibmtivoli_application_dependency_discovery_manager
7.2.0.6
ibmtivoli_application_dependency_discovery_manager
7.2.0.7
ibmtivoli_application_dependency_discovery_manager
7.2.0.8
ibmtivoli_application_dependency_discovery_manager
7.2.0.9
ibmtivoli_application_dependency_discovery_manager
7.2.0.10
ibmtivoli_application_dependency_discovery_manager
7.2.1
ibmtivoli_application_dependency_discovery_manager
7.2.1.1
ibmtivoli_application_dependency_discovery_manager
7.2.1.2
ibmtivoli_application_dependency_discovery_manager
7.2.1.3
ibmtivoli_application_dependency_discovery_manager
7.2.1.4
ibmtivoli_application_dependency_discovery_manager
7.2.1.5
ibmtivoli_application_dependency_discovery_manager
7.2.1.6
ibmtivoli_application_dependency_discovery_manager
7.2.2
ibmtivoli_application_dependency_discovery_manager
7.2.2.1
ibmtivoli_application_dependency_discovery_manager
7.2.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918