CVE-2014-6148

IBM Tivoli Application Dependency Dis... - Authentication Bypass

Title source: rule

Description

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

References (4)

Scores

EPSS 0.0017
EPSS Percentile 38.1%

Classification

CWE
CWE-287
Status draft

Affected Products (21)

ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
ibm/tivoli_application_dependency_discovery_manager
... and 6 more

Timeline

Published Oct 31, 2014
Tracked Since Feb 18, 2026