Vulnerability CVE-2011-1389
Published: 2012-01-19   Modified: 2012-02-13

Description:
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Rational license key server 
IBM -> Rational license server 
IBM -> Telelogic license server 

 References:
http://www.ibm.com/support/docview.wss?uid=swg21577760
http://xforce.iss.net/xforce/xfdb/71739
http://www.zerodayinitiative.com/advisories/ZDI-11-272/
http://www.securityfocus.com/bid/49191
http://www.flexerasoftware.com/pl/13057.htm
http://secunia.com/advisories/47524
http://secunia.com/advisories/47522
http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1
Copyright 2024, cxsecurity.com

 

Back to Top