CVE-2011-1389

IBM Rational License Key Server <8.1.2 - RCE

Title source: llm
STIX 2.1

Description

Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.

References (8)

Core 8
Core References
Various Sources x_refsource_misc
http://www.flexerasoftware.com/pl/13057.htm
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47524
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-272/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47522
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49191
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21577760
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71739

Scores

EPSS 0.0722
EPSS Percentile 93.6%

Details

CWE
CWE-22
Status published
Products (8)
ibm/rational_license_key_server 8.0
ibm/rational_license_key_server 8.1
ibm/rational_license_key_server 8.1.1
ibm/rational_license_key_server 8.1.2
ibm/rational_license_server 7.0
ibm/rational_license_server 7.1
ibm/rational_license_server 7.5
ibm/telelogic_license_server 2.0
Published Jan 19, 2012
Tracked Since Feb 18, 2026