CVE-2014-6148 Information

Description

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads which allows remote authenticated users to obtain sensitive database information via a crafted URL.

Reference

http://secunia.com/advisories/61785 http://www.securityfocus.com/bid/70842 http://www-01.ibm.com/support/docview.wss?uid=swg21688549 https://exchange.xforce.ibmcloud.com/vulnerabilities/96918