CVE-2014-6148 - Vulnerability Details

Vendors	Products
Ibm	Tivoli Application Dependency Discovery Manager

Link	Providers
http://secunia.com/advisories/61785
http://www-01.ibm.com/support/docview.wss?uid=swg21688549
http://www.securityfocus.com/bid/70842
https://exchange.xforce.ibmcloud.com/vulnerabilities/96918

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"}, {"name": "61785", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61785"}, {"name": "ibm-taddm-cve20146148-info-disc(96918)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"}, {"name": "70842", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70842"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6148", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"}, {"name": "61785", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61785"}, {"name": "ibm-taddm-cve20146148-info-disc(96918)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"}, {"name": "70842", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70842"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:10:12.215Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"}, {"name": "61785", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61785"}, {"name": "ibm-taddm-cve20146148-info-disc(96918)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"}, {"name": "70842", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70842"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6148", "datePublished": "2014-10-31T10:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-10-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-07T15:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (string)

}

1 : { »

name : 61785 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/61785 (string)

}

2 : { »

name : ibm-taddm-cve20146148-info-disc(96918) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 (string)

}

3 : { »

name : 70842 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/70842 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2014-6148 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (string)

}

1 : { »

name : 61785 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/61785 (string)

}

2 : { »

name : ibm-taddm-cve20146148-info-disc(96918) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 (string)

}

3 : { »

name : 70842 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/70842 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T12:10:12.215Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (string)

}

1 : { »

name : 61785 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/61785 (string)

}

2 : { »

name : ibm-taddm-cve20146148-info-disc(96918) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 (string)

}

3 : { »

name : 70842 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/70842 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2014-6148 (string)

datePublished : 2014-10-31T10:00:00 (string)

dateReserved : 2014-09-02T00:00:00 (string)

dateUpdated : 2024-08-06T12:10:12.215Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3051563-70C2-432A-9874-6529362142B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C95C26D6-183C-478D-9301-513DAB774616", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B78F659C-C466-4337-8552-154EC7652BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C02B4388-6AAB-436D-9F21-5CDA8BE20A97", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C610817E-069B-42BF-84F1-A55EF30FF15A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DC9BFA83-02BE-4E7A-98A1-4BEC6B74949D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B3BAD402-6022-4D72-839A-A92B984278D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3C314050-B3BA-4AB6-A7C4-6E48CEEB6E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "186660BD-4B0F-4A2A-A6A6-1E61FB61BF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "152727A5-7CA6-4AF8-A42A-1049BFB9AB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B9801F07-7AA8-4F76-B1B8-90271CB0D8E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "42BFE717-10BC-4710-AFE9-1565F32C2450", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "757D89F2-7C6D-4213-89EF-DE766D161B26", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."}, {"lang": "es", "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 no requiere la autenticaci\u00f3n TADDM para las descargas rptdesign, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de la base de datos a trav\u00e9s de una URL manipulada."}], "id": "CVE-2014-6148", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-31T10:55:02.330", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/61785"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/70842"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C3051563-70C2-432A-9874-6529362142B9 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C95C26D6-183C-478D-9301-513DAB774616 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : B78F659C-C466-4337-8552-154EC7652BA4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : C02B4388-6AAB-436D-9F21-5CDA8BE20A97 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : C610817E-069B-42BF-84F1-A55EF30FF15A (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DC9BFA83-02BE-4E7A-98A1-4BEC6B74949D (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : B3BAD402-6022-4D72-839A-A92B984278D9 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C314050-B3BA-4AB6-A7C4-6E48CEEB6E0E (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 186660BD-4B0F-4A2A-A6A6-1E61FB61BF58 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 152727A5-7CA6-4AF8-A42A-1049BFB9AB94 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:*:*:*:*:*:*:* (string)

matchCriteriaId : B9801F07-7AA8-4F76-B1B8-90271CB0D8E2 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F27ECD8-CC5D-4974-AE3B-658D2871FF0F (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 035E6C30-71E7-4EA9-A3C1-71BB371E4A94 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FCD5C82A-7E0E-4282-B9B1-0655670BD53E (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B45DA120-0BFB-4F0C-990B-34C0821B5583 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 5695CA2C-7F34-4350-8C25-F5584ABCCCF1 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 42BFE717-10BC-4710-AFE9-1565F32C2450 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 757D89F2-7C6D-4213-89EF-DE766D161B26 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. (string)

}

1 : { »

lang : es (string)

value : IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 no requiere la autenticación TADDM para las descargas rptdesign, lo que permite a usuarios remotos autenticados obtener información sensible de la base de datos a través de una URL manipulada. (string)

}

]

id : CVE-2014-6148 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-10-31T10:55:02.330 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

url : http://secunia.com/advisories/61785 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

url : http://www.securityfocus.com/bid/70842 (string)

}

3 : { »

source : psirt@us.ibm.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/61785 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21688549 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/70842 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object