CVE-2014-6148
IBM Tivoli Application Dependency Discovery Manager 7.2.0.0-7.2.2.2 - Improper Authentication
Title source: llmDescription
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
References (4)
Core References
http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (Patch, Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/61785 (Third Party Advisory; third-party-advisory, x_refsource_secunia)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf)
http://www.securityfocus.com/bid/70842 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
Scores
EPSS: 0.0101
EPSS Percentile: 58.7%
Details
CWE: CWE-287
Status: published
Products (21)
ibm/tivoli_application_dependency_discovery_manager 7.2.0.0
ibm/tivoli_application_dependency_discovery_manager 7.2.0.1
ibm/tivoli_application_dependency_discovery_manager 7.2.0.2
ibm/tivoli_application_dependency_discovery_manager 7.2.0.3
ibm/tivoli_application_dependency_discovery_manager 7.2.0.4
ibm/tivoli_application_dependency_discovery_manager 7.2.0.5
ibm/tivoli_application_dependency_discovery_manager 7.2.0.6
ibm/tivoli_application_dependency_discovery_manager 7.2.0.7
ibm/tivoli_application_dependency_discovery_manager 7.2.0.8
ibm/tivoli_application_dependency_discovery_manager 7.2.0.9
... and 11 more
Published: Oct 31, 2014
Tracked Since: Feb 18, 2026