CVE-2014-6148

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Application Dependency Discovery Manager
Vendor: CVE Published:; 31 October 2014

Summary

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21688549

x_refsource_CONFIRM

http://secunia.com/advisories/61785

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/96918

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 31, 2014
Vulnerability Reserved
Sep 2, 2014