Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME14F258D11F6EE028620AC3F224763DFD14D9A4D20ADF451C080A183736155CF
HistoryJun 17, 2018 - 4:56 a.m.

Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerability (CVE-2014-0909, CVE-2014-3079 and CVE-2014-4756)

2018-06-1704:56:36
www.ibm.com
8

0.003 Low

EPSS

Percentile

70.2%

JSON

Summary

Three possible security vulnerabilities have been reported in Rational License Key Server Administration and Reporting Tool. There have been no reported exploits of these vulnerabilities.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    β€”|β€”

CVE ID: CVE-2014-0909

Description: RLKS Administration and Reporting Tool could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information.

CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91872&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-3079

Description: Unauthorized access to license usage data in RLKS Administration and Reporting Tool could be obtained by using SPARQL queries having a β€œDESCRIBE” clause. Use of this clause could bypass the authorization mechanism that license usage data store has and could allow a user to access specific resource URLs, which the user may not be authorized to read.

CVSS Base Score: 2.1 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93912&gt; for the current score *CVSS Environmental Score:**Undefined **CVSS Vector: **(AV:N/AC:H/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2014-4756

Description: RLKS Administration and Reporting Tool could allow an attacker to steal or manipulate user session and cookies, which might be used to impersonate a legitimate user.

CVSS Base Score: 3.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94444&gt; for the current score *CVSS Environmental Score:**Undefined **CVSS Vector: **(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

These vulnerabilities impact the following RLKS components and its releases:

  • RLKS Administration and Reporting Tool version 8.1.4
  • RLKS Administration and Reporting Tool version 8.1.4.2
  • RLKS Administration and Reporting Tool version 8.1.4.3

Remediation/Fixes

These vulnerabilities have been fixed in Rational License Key Server Fix Pack 4 (8.1.4.4) for 8.1.4.

Workarounds and Mitigations

None

Related

nessus 1
cve 3
cvelist 3
prion 3
nvd 3
nessus
nessus
IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities
2014-09-16 00:00:00
cve
cve
CVE-2014-4756
2014-09-10 10:55:07
CVE-2014-0909
2014-09-10 10:55:07
CVE-2014-3079
2014-09-10 10:55:07
cvelist
cvelist
CVE-2014-4756
2014-09-10 10:00:00
CVE-2014-0909
2014-09-10 10:00:00
CVE-2014-3079
2014-09-10 10:00:00
prion
prion
Code injection
2014-09-10 10:55:00
Session fixation
2014-09-10 10:55:00
Authorization
2014-09-10 10:55:00
nvd
nvd
CVE-2014-4756
2014-09-10 10:55:07
CVE-2014-3079
2014-09-10 10:55:07
CVE-2014-0909
2014-09-10 10:55:07

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for E14F258D11F6EE028620AC3F224763DFD14D9A4D20ADF451C080A183736155CF
nessus1cve3cvelist3prion3nvd3