CVE-2014-6148

CWE-287Improper Authentication3 documents3 sources
Severity
3.5LOW
EPSS
0.2%
top 61.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Application Dependency Discovery Manager
Timeline
PublishedOct 31
Latest updateMay 17

Description

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-vhcj-2m36-3xx6: IBM Tivoli Application Dependency Discovery Manager (TADDM) 72022-05-17
CVEList
CVE-2014-6148: IBM Tivoli Application Dependency Discovery Manager (TADDM) 72014-10-31
CVE-2014-6148 (LOW CVSS 3.5) | IBM Tivoli Application Dependency D | cvebase.io