What is the severity of CVE-2014-6148?

CVE-2014-6148 is classified as a medium severity vulnerability.

How does CVE-2014-6148 affect IBM Tivoli Application Dependency Discovery Manager?

CVE-2014-6148 allows remote authenticated users to obtain sensitive database information by crafting specific URLs due to the lack of required authentication for rptdesign downloads.

How do I fix CVE-2014-6148?

To fix CVE-2014-6148, you should apply the latest patches released by IBM for the affected versions of Tivoli Application Dependency Discovery Manager.

Is CVE-2014-6148 a known issue in the IBM security landscape?

Yes, CVE-2014-6148 is a documented vulnerability within IBM's security advisories and has been previously highlighted.

Vulnerability/
CVE-2014-6148

low

3.5

CWE

287

31/10/2014

6/8/2024

CVE-2014-6148

First published: Fri Oct 31 2014(Updated: )

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.0
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.1
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.2
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.3
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.4
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.5
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.6
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.7
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.8
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.9
IBM Tivoli Application Dependency Discovery Manager	=7.2.0.10
IBM Tivoli Application Dependency Discovery Manager	=7.2.1
IBM Tivoli Application Dependency Discovery Manager	=7.2.1.1
IBM Tivoli Application Dependency Discovery Manager	=7.2.1.2
IBM Tivoli Application Dependency Discovery Manager	=7.2.1.3
IBM Tivoli Application Dependency Discovery Manager	=7.2.1.4
IBM Tivoli Application Dependency Discovery Manager	=7.2.1.5
IBM Tivoli Application Dependency Discovery Manager	=7.2.1.6
IBM Tivoli Application Dependency Discovery Manager	=7.2.2
IBM Tivoli Application Dependency Discovery Manager	=7.2.2.1
IBM Tivoli Application Dependency Discovery Manager	=7.2.2.2

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21688549

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-6148?
CVE-2014-6148 is classified as a medium severity vulnerability.
How does CVE-2014-6148 affect IBM Tivoli Application Dependency Discovery Manager?
CVE-2014-6148 allows remote authenticated users to obtain sensitive database information by crafting specific URLs due to the lack of required authentication for rptdesign downloads.
How do I fix CVE-2014-6148?
To fix CVE-2014-6148, you should apply the latest patches released by IBM for the affected versions of Tivoli Application Dependency Discovery Manager.
Which versions are affected by CVE-2014-6148?
CVE-2014-6148 affects IBM Tivoli Application Dependency Discovery Manager versions from 7.2.0.0 to 7.2.2.2.
Is CVE-2014-6148 a known issue in the IBM security landscape?
Yes, CVE-2014-6148 is a documented vulnerability within IBM's security advisories and has been previously highlighted.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/remedy
agent/severity
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/ibm
canonical/ibm tivoli application dependency discovery manager
version/ibm tivoli application dependency discovery manager/7.2.0.0
version/ibm tivoli application dependency discovery manager/7.2.0.1
version/ibm tivoli application dependency discovery manager/7.2.0.2
version/ibm tivoli application dependency discovery manager/7.2.0.3
version/ibm tivoli application dependency discovery manager/7.2.0.4
version/ibm tivoli application dependency discovery manager/7.2.0.5
version/ibm tivoli application dependency discovery manager/7.2.0.6
version/ibm tivoli application dependency discovery manager/7.2.0.7
version/ibm tivoli application dependency discovery manager/7.2.0.8
version/ibm tivoli application dependency discovery manager/7.2.0.9
version/ibm tivoli application dependency discovery manager/7.2.0.10
version/ibm tivoli application dependency discovery manager/7.2.1
version/ibm tivoli application dependency discovery manager/7.2.1.1
version/ibm tivoli application dependency discovery manager/7.2.1.2
version/ibm tivoli application dependency discovery manager/7.2.1.3
version/ibm tivoli application dependency discovery manager/7.2.1.4
version/ibm tivoli application dependency discovery manager/7.2.1.5
version/ibm tivoli application dependency discovery manager/7.2.1.6
version/ibm tivoli application dependency discovery manager/7.2.2
version/ibm tivoli application dependency discovery manager/7.2.2.1
version/ibm tivoli application dependency discovery manager/7.2.2.2

CVE-2014-6148

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-6148?

How does CVE-2014-6148 affect IBM Tivoli Application Dependency Discovery Manager?

How do I fix CVE-2014-6148?

Which versions are affected by CVE-2014-6148?

Is CVE-2014-6148 a known issue in the IBM security landscape?

Company

Resources

Contact