Vulnerability Description
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational License Key Server | 8.0 |
| Ibm | Rational License Server | 7.0 |
| Ibm | Telelogic License Server | 2.0 |
Related Weaknesses (CWE)
References
- http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&doc
- http://secunia.com/advisories/47522Vendor Advisory
- http://secunia.com/advisories/47524Vendor Advisory
- http://www.flexerasoftware.com/pl/13057.htm
- http://www.ibm.com/support/docview.wss?uid=swg21577760PatchVendor Advisory
- http://www.securityfocus.com/bid/49191
- http://www.zerodayinitiative.com/advisories/ZDI-11-272/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71739
- http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&doc
- http://secunia.com/advisories/47522Vendor Advisory
- http://secunia.com/advisories/47524Vendor Advisory
- http://www.flexerasoftware.com/pl/13057.htm
- http://www.ibm.com/support/docview.wss?uid=swg21577760PatchVendor Advisory
- http://www.securityfocus.com/bid/49191
- http://www.zerodayinitiative.com/advisories/ZDI-11-272/
FAQ
What is CVE-2011-1389?
CVE-2011-1389 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Ser...
How severe is CVE-2011-1389?
CVE-2011-1389 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1389?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational License Key Server, Ibm Rational License Server, Ibm Telelogic License Server.