Directory Traversal Vulnerabilities in IBM Rational License Server
CVE-2011-1389

Currently unrated

Key Information:

Vendor: IBM
Status: Rational License Server; Rational License Key Server; Telelogic License Server
Vendor: CVE Published:; 19 January 2012

Summary

Multiple directory traversal vulnerabilities exist in the vendor daemon of the Rational Common Licensing system. These vulnerabilities in Telelogic License Server (version 2.0), Rational License Server (versions 7.x), and the IBM Rational License Key Server (versions 8.0 to 8.1.2) could enable remote attackers to execute arbitrary code. The vulnerabilities are related to mismanaged save, rename, and load operations on log files, creating potential pathways for exploitation. It is advisable for administrators to patch their systems to mitigate these risks.

References

http://www.flexerasoftware.com/pl/13057.htm

x_refsource_MISC

http://secunia.com/advisories/47524

third-party-advisoryx_refsource_SECUNIA

http://kb.flexerasoftware.com/selfservice/microsites/sear...

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 19, 2012
Vulnerability Reserved
Mar 10, 2011