Authorization Bypass in IBM Rational License Key Server Administration Tool
CVE-2014-3079

Currently unrated

Key Information:

Vendor: IBM
Status: Rational License Key Server
Vendor: CVE Published:; 10 September 2014

Summary

The Administration and Reporting Tool in IBM Rational License Key Server versions prior to 8.1.4.4 is susceptible to an authorization bypass vulnerability. This issue allows remote authenticated users to circumvent security measures and access sensitive license-usage data by exploiting a DESCRIBE clause in a SPARQL query. As a result, information that should be restricted can be disclosed, posing a significant security risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682627

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg24038045

x_refsource_CONFIRM

http://secunia.com/advisories/60709

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 10, 2014
Vulnerability Reserved
Apr 29, 2014