CVE-2014-6148

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549	Patch Vendor Advisory
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549	Patch Vendor Advisory
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:::::::*
	cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:::::::*

History

21 Nov 2024, 02:13

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/61785 -~~	() http://secunia.com/advisories/61785 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21688549 - Patch, Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21688549 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/70842 -~~	() http://www.securityfocus.com/bid/70842 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 -

Information

Published : 2014-10-31 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-6148

Mitre link : CVE-2014-6148

CVE.ORG link : CVE-2014-6148

JSON object : View

Products Affected

ibm

tivoli_application_dependency_discovery_manager

CWE

CWE-287

Improper Authentication

{"id": "CVE-2014-6148", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-31T10:55:02.330", "references": [{"url": "http://secunia.com/advisories/61785", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/70842", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/61785", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70842", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."}, {"lang": "es", "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 no requiere la autenticaci\u00f3n TADDM para las descargas rptdesign, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de la base de datos a trav\u00e9s de una URL manipulada."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3051563-70C2-432A-9874-6529362142B9"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C95C26D6-183C-478D-9301-513DAB774616"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78F659C-C466-4337-8552-154EC7652BA4"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C02B4388-6AAB-436D-9F21-5CDA8BE20A97"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C610817E-069B-42BF-84F1-A55EF30FF15A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9BFA83-02BE-4E7A-98A1-4BEC6B74949D"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BAD402-6022-4D72-839A-A92B984278D9"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C314050-B3BA-4AB6-A7C4-6E48CEEB6E0E"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186660BD-4B0F-4A2A-A6A6-1E61FB61BF58"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "152727A5-7CA6-4AF8-A42A-1049BFB9AB94"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9801F07-7AA8-4F76-B1B8-90271CB0D8E2"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42BFE717-10BC-4710-AFE9-1565F32C2450"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "757D89F2-7C6D-4213-89EF-DE766D161B26"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72"}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

3.5 /10