Skip to main content

Rational License Key Server CVE-2014-3079

LOW
Permissions, Privileges, and Access Controls (CWE-264)
2014-09-10 psirt@us.ibm.com
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:N/AC:H/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 10, 2014 - 10:55 cve.org
LOW 2.1

DescriptionCVE.org

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query.

AnalysisAI

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-264. The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query. Affected products include: Ibm Rational License Key Server. Version information: before 8.1.4.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2014-3079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy