CVE-2014-3079
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21681449
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | rational_license_key_server | 8.1.4 | |
| ibm | rational_license_key_server | 8.1.4.2 | |
| ibm | rational_license_key_server | 8.1.4.3 | |
References
- http://secunia.com/advisories/60709
- http://secunia.com/advisories/61071
- http://www-01.ibm.com/support/docview.wss?uid=swg21681449
- http://www-01.ibm.com/support/docview.wss?uid=swg21682627
- http://www-01.ibm.com/support/docview.wss?uid=swg24038045
- http://www.securityfocus.com/bid/69643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93912
- http://secunia.com/advisories/60709
- http://secunia.com/advisories/61071
- http://www-01.ibm.com/support/docview.wss?uid=swg21681449
- http://www-01.ibm.com/support/docview.wss?uid=swg21682627
- http://www-01.ibm.com/support/docview.wss?uid=swg24038045
- http://www.securityfocus.com/bid/69643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93912
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.