CVE-2011-1389 (GCVE-0-2011-1389)
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-08-06 22:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:34.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.flexerasoftware.com/pl/13057.htm" }, { "name": "47524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47524" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/" }, { "name": "47522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47522" }, { "name": "49191", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21577760" }, { "name": "rlc-logfiles-code-execution(71739)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71739" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.flexerasoftware.com/pl/13057.htm" }, { "name": "47524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47524" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/" }, { "name": "47522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47522" }, { "name": "49191", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21577760" }, { "name": "rlc-logfiles-code-execution(71739)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71739" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.flexerasoftware.com/pl/13057.htm", "refsource": "MISC", "url": "http://www.flexerasoftware.com/pl/13057.htm" }, { "name": "47524", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47524" }, { "name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1", "refsource": "MISC", "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/" }, { "name": "47522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47522" }, { "name": "49191", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49191" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21577760", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21577760" }, { "name": "rlc-logfiles-code-execution(71739)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71739" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1389", "datePublished": "2012-01-19T19:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2011-1389\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-01-19T19:55:00.990\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de salto de directorio en el demonio de proveedor de Rational Common Licensing en Telelogic License Server v2.0, Rational License Server v7.x y ibmratl en IBM Rational License Key Server (RLKS) v8.0 hasta v8.1.2 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con las operaciones de guardar, renombrar y carga en los archivos de registro. NOTA: \u00e9ste problema podr\u00eda superponerse con el CVE-2011-4135.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_key_server:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEF9CA6-72BA-4270-8207-05EC4B247348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_key_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D9D753-420F-4A47-832C-57E7EA257751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_key_server:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B09FF05-9A02-4E7D-A9C5-B89693F8E1C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_key_server:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDEEB79-F35A-4C70-952D-F8699DD18AA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"107D32BA-BD97-4E16-BD4D-E65D357DC2EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD1DA46-2348-4A73-9174-C52F50619A76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_license_server:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9057BFED-74A6-49B9-9A26-5E27058B67C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:telelogic_license_server:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44479B86-31BC-4EB7-9330-EAD394D8FDEE\"}]}]}],\"references\":[{\"url\":\"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/47522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/47524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.flexerasoftware.com/pl/13057.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21577760\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/49191\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-272/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/47522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/47524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.flexerasoftware.com/pl/13057.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21577760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/49191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-272/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…