CVE-2014-4756 - Unspecified vulnerability in IBM Rational License Key Server 8.1.4/8.1.4.2/8.1.4.3
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | SINGLE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | CGI abuses |
NASL id | IBM_RLKS_SWG21681449.NASL |
description | The remote host is running a version 8.1.4.x of IBM Rational License Key Server Administration and Reporting Tool (RLKS) that is prior to 8.1.4.4. It is, therefore, affected by multiple vulnerabilities: - The secure flag for session cookies is not properly set when in SSL mode. An attacker can exploit this vulnerability to capture sensitive information from a cookie by intercepting its transmission. (CVE-2014-0909) - An information disclosure vulnerability exists that allows an attacker to gain access to license usage data by using a specially crafted SPARQL query. (CVE-2014-3079) - An unspecified vulnerability exists that is related to user session cookies, which an attacker can exploit to impersonate a legitimate user. (CVE-2014-4756) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77710 |
published | 2014-09-16 |
reporter | This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/77710 |
title | IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities |