Unauthenticated Access to Sensitive Database Information in IBM Tivoli Application Dependency Discovery Manager (TADDM)

Unauthenticated Access to Sensitive Database Information in IBM Tivoli Application Dependency Discovery Manager (TADDM)

CVE-2014-6148 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.

Learn more about our User Device Pen Test.