Auth bypass in Ibm Tivoli_application_dependency_discovery_manager

CVE-2014-6148

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated use…

Vulnerability class: Broken Authentication

EPSS: 0.002 (38.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_application_dependency_discovery_manager — versions 7.2.0.0, 7.2.0.1, 7.2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
61785 (x_refsource_SECUNIA, third-party-advisory)
ibm-taddm-cve20146148-info-disc(96918) (vdb-entry, x_refsource_XF)
70842 (vdb-entry, x_refsource_BID)