CVE Vulnerabilities

CVE-2014-6148

Improper Authentication

Published: Oct 31, 2014 | Modified: Sep 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.0 (including) 7.2.0.0 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.1 (including) 7.2.0.1 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.2 (including) 7.2.0.2 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.3 (including) 7.2.0.3 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.4 (including) 7.2.0.4 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.5 (including) 7.2.0.5 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.6 (including) 7.2.0.6 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.7 (including) 7.2.0.7 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.8 (including) 7.2.0.8 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.9 (including) 7.2.0.9 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.0.10 (including) 7.2.0.10 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1 (including) 7.2.1 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1.1 (including) 7.2.1.1 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1.2 (including) 7.2.1.2 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1.3 (including) 7.2.1.3 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1.4 (including) 7.2.1.4 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1.5 (including) 7.2.1.5 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.1.6 (including) 7.2.1.6 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.2 (including) 7.2.2 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.2.1 (including) 7.2.2.1 (including)
Tivoli_application_dependency_discovery_manager Ibm 7.2.2.2 (including) 7.2.2.2 (including)

Potential Mitigations

References