CVE-2014-3079

Medium

Description

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93912

http://www.securityfocus.com/bid/69643

http://www-01.ibm.com/support/docview.wss?uid=swg24038045

http://www-01.ibm.com/support/docview.wss?uid=swg21682627

http://www-01.ibm.com/support/docview.wss?uid=swg21681449

http://secunia.com/advisories/61071

http://secunia.com/advisories/60709

Details

Source: Mitre, NVD

Published: 2014-09-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium