CVE-2014-3079

2014-09-1010:55:07

CWE-264

[email protected]

web.nvd.nist.gov

ibm

rlks

cve-2014-3079

authorization bypass

sparql query

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.9%

JSON

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query.

Affected configurations

NVD

Node

ibmrational_license_key_serverMatch8.1.4

ibmrational_license_key_serverMatch8.1.4.2

ibmrational_license_key_serverMatch8.1.4.3

CPENameOperatorVersion
ibm:rational_license_key_serveribm rational license key servereq8.1.4
ibm:rational_license_key_serveribm rational license key servereq8.1.4.2
ibm:rational_license_key_serveribm rational license key servereq8.1.4.3

CPE	Name	Operator	Version
ibm:rational_license_key_server	ibm rational license key server	eq	8.1.4
ibm:rational_license_key_server	ibm rational license key server	eq	8.1.4.2
ibm:rational_license_key_server	ibm rational license key server	eq	8.1.4.3