{"api_version":"1","generated_at":"2026-05-05T05:32:42+00:00","cve":"CVE-2011-1389","urls":{"html":"https://cve.report/CVE-2011-1389","api":"https://cve.report/api/cve/CVE-2011-1389.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-1389","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-1389"},"summary":{"title":"CVE-2011-1389","description":"Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files.  NOTE: this might overlap CVE-2011-4135.","state":"PUBLISHED","assigner":"mitre","published_at":"2012-01-19 19:55:00","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-22","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-272/","name":"http://www.zerodayinitiative.com/advisories/ZDI-11-272/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21577760","name":"http://www.ibm.com/support/docview.wss?uid=swg21577760","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: Vulnerability in Rational License Key Server affecting both the license server, lmgrd, and the vendor daemon, ibmratl (CVE-2011-1389)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/49191","name":"http://www.securityfocus.com/bid/49191","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"FlexNet License Server Manager Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/47522","name":"http://secunia.com/advisories/47522","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.flexerasoftware.com/pl/13057.htm","name":"http://www.flexerasoftware.com/pl/13057.htm","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IT Management Software, Optimization & Solutions | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/47524","name":"http://secunia.com/advisories/47524","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Security Advisory SA47524 - IBM Telelogic / Rational License Server License Manager Log File Upload Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1","name":"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Customer Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-1389","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1389","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_server","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_server","cpe6":"7.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"telelogic_license_server","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T22:21:34.199Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.flexerasoftware.com/pl/13057.htm"},{"name":"47524","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/47524"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-272/"},{"name":"47522","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/47522"},{"name":"49191","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/49191"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.ibm.com/support/docview.wss?uid=swg21577760"},{"name":"rlc-logfiles-code-execution(71739)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-08-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files.  NOTE: this might overlap CVE-2011-4135."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.flexerasoftware.com/pl/13057.htm"},{"name":"47524","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/47524"},{"tags":["x_refsource_MISC"],"url":"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1"},{"tags":["x_refsource_MISC"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-272/"},{"name":"47522","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/47522"},{"name":"49191","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/49191"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.ibm.com/support/docview.wss?uid=swg21577760"},{"name":"rlc-logfiles-code-execution(71739)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-1389","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files.  NOTE: this might overlap CVE-2011-4135."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.flexerasoftware.com/pl/13057.htm","refsource":"MISC","url":"http://www.flexerasoftware.com/pl/13057.htm"},{"name":"47524","refsource":"SECUNIA","url":"http://secunia.com/advisories/47524"},{"name":"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1","refsource":"MISC","url":"http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-11-272/","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-11-272/"},{"name":"47522","refsource":"SECUNIA","url":"http://secunia.com/advisories/47522"},{"name":"49191","refsource":"BID","url":"http://www.securityfocus.com/bid/49191"},{"name":"http://www.ibm.com/support/docview.wss?uid=swg21577760","refsource":"CONFIRM","url":"http://www.ibm.com/support/docview.wss?uid=swg21577760"},{"name":"rlc-logfiles-code-execution(71739)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71739"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2011-1389","datePublished":"2012-01-19T19:00:00.000Z","dateReserved":"2011-03-10T00:00:00.000Z","dateUpdated":"2024-08-06T22:21:34.199Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2012-01-19 19:55:00","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-22","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_key_server:8.0:*:*:*:*:*:*:*","matchCriteriaId":"2FEF9CA6-72BA-4270-8207-05EC4B247348"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_key_server:8.1:*:*:*:*:*:*:*","matchCriteriaId":"C9D9D753-420F-4A47-832C-57E7EA257751"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_key_server:8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B09FF05-9A02-4E7D-A9C5-B89693F8E1C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_key_server:8.1.2:*:*:*:*:*:*:*","matchCriteriaId":"9EDEEB79-F35A-4C70-952D-F8699DD18AA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"107D32BA-BD97-4E16-BD4D-E65D357DC2EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_server:7.1:*:*:*:*:*:*:*","matchCriteriaId":"DDD1DA46-2348-4A73-9174-C52F50619A76"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_license_server:7.5:*:*:*:*:*:*:*","matchCriteriaId":"9057BFED-74A6-49B9-9A26-5E27058B67C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:telelogic_license_server:2.0:*:*:*:*:*:*:*","matchCriteriaId":"44479B86-31BC-4EB7-9330-EAD394D8FDEE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"1389","Ordinal":"1","Title":"CVE-2011-1389","CVE":"CVE-2011-1389","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"1389","Ordinal":"1","NoteData":"Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files.  NOTE: this might overlap CVE-2011-4135.","Type":"Description","Title":"CVE-2011-1389"},{"CveYear":"2011","CveId":"1389","Ordinal":"2","NoteData":"2012-01-19","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"1389","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}