Description
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
References (8)
Core 8
Core References
Various Sources x_refsource_misc
http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1
Various Sources x_refsource_misc
http://www.flexerasoftware.com/pl/13057.htm
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47524
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-272/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47522
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49191
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21577760
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71739
Scores
EPSS
0.0722
EPSS Percentile
93.6%
Details
CWE
CWE-22
Status
published
Products (8)
ibm/rational_license_key_server
8.0
ibm/rational_license_key_server
8.1
ibm/rational_license_key_server
8.1.1
ibm/rational_license_key_server
8.1.2
ibm/rational_license_server
7.0
ibm/rational_license_server
7.1
ibm/rational_license_server
7.5
ibm/telelogic_license_server
2.0
Published
Jan 19, 2012
Tracked Since
Feb 18, 2026