All the vulnerabilites related to ibm - rational_clearcase
cve-2014-0931
Vulnerability from cvelistv5
Published
2018-04-20 21:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92263 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21668868 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0931",
"datePublished": "2018-04-20T21:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5039
Vulnerability from cvelistv5
Published
2018-03-26 18:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21976566 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/106715 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5039",
"datePublished": "2018-03-26T18:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0829
Vulnerability from cvelistv5
Published
2014-03-21 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?&uid=swg21662086 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/66339 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90568 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21662086"
},
{
"name": "66339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66339"
},
{
"name": "ibm-clearcase-cve20140829-bo(90568)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21662086"
},
{
"name": "66339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66339"
},
{
"name": "ibm-clearcase-cve20140829-bo(90568)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21662086",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21662086"
},
{
"name": "66339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66339"
},
{
"name": "ibm-clearcase-cve20140829-bo(90568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0829",
"datePublished": "2014-03-21T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5416
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21657982 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87478 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"name": "ibm-rational-cve20135416-priv-escalation(87478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87478"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"name": "ibm-rational-cve20135416-priv-escalation(87478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87478"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"name": "ibm-rational-cve20135416-priv-escalation(87478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87478"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5416",
"datePublished": "2013-12-18T11:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6221
Vulnerability from cvelistv5
Published
2015-04-06 00:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21698893 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73915 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032026 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6221",
"datePublished": "2015-04-06T00:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6134
Vulnerability from cvelistv5
Published
2015-03-25 01:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21688450 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T01:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6134",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4357
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-09-17 03:59
Severity ?
EPSS score ?
Summary
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1023370 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/37385 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37811 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.vupen.com/english/advisories/2009/3580 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023370",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023370"
},
{
"name": "37385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37385"
},
{
"name": "37811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37811"
},
{
"name": "PK86377",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377"
},
{
"name": "ADV-2009-3580",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3580"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-18T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023370",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023370"
},
{
"name": "37385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37385"
},
{
"name": "37811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37811"
},
{
"name": "PK86377",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377"
},
{
"name": "ADV-2009-3580",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3580"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023370",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023370"
},
{
"name": "37385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37385"
},
{
"name": "37811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37811"
},
{
"name": "PK86377",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377"
},
{
"name": "ADV-2009-3580",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3580"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4357",
"datePublished": "2009-12-18T19:00:00Z",
"dateReserved": "2009-12-18T00:00:00Z",
"dateUpdated": "2024-09-17T03:59:45.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3090
Vulnerability from cvelistv5
Published
2014-09-23 20:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94256 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/69964 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030883 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21677285 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:55.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-clearcase-cve20143090-xee(94256)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"name": "69964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69964"
},
{
"name": "1030883",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030883"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-clearcase-cve20143090-xee(94256)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"name": "69964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69964"
},
{
"name": "1030883",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030883"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearcase-cve20143090-xee(94256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"name": "69964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69964"
},
{
"name": "1030883",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030883"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3090",
"datePublished": "2014-09-23T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:55.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3105
Vulnerability from cvelistv5
Published
2014-09-23 21:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21682949 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94312 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3105",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3104
Vulnerability from cvelistv5
Published
2014-09-23 21:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21682942 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94311 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:55.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3104",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:55.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5373
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21648811 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86791 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648811"
},
{
"name": "clearcase-cve20135373-priv-esc(86791)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648811"
},
{
"name": "clearcase-cve20135373-priv-esc(86791)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648811",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648811"
},
{
"name": "clearcase-cve20135373-priv-esc(86791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5373",
"datePublished": "2013-09-25T10:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1205
Vulnerability from cvelistv5
Published
2011-03-29 18:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66304 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66324 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2011/0832 | vdb-entry, x_refsource_VUPEN | |
| http://www.ibm.com/support/docview.wss?uid=swg21470998 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1025269 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1025268 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rational-licensing-code-execution(66304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304"
},
{
"name": "rational-licensing-code-execution(66324)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324"
},
{
"name": "ADV-2011-0832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21470998"
},
{
"name": "1025269",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025269"
},
{
"name": "1025268",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rational-licensing-code-execution(66304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304"
},
{
"name": "rational-licensing-code-execution(66324)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324"
},
{
"name": "ADV-2011-0832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21470998"
},
{
"name": "1025269",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025269"
},
{
"name": "1025268",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025268"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rational-licensing-code-execution(66304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304"
},
{
"name": "rational-licensing-code-execution(66324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324"
},
{
"name": "ADV-2011-0832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0832"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21470998",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21470998"
},
{
"name": "1025269",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025269"
},
{
"name": "1025268",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025268"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1205",
"datePublished": "2011-03-29T18:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:21:33.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5415
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21657982 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87477 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"name": "ibm-rational-cve20135415-bo(87477)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"name": "ibm-rational-cve20135415-bo(87477)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"name": "ibm-rational-cve20135415-bo(87477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5415",
"datePublished": "2013-12-18T11:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4059
Vulnerability from cvelistv5
Published
2019-02-15 20:00
Modified
2024-09-17 02:20
Severity ?
EPSS score ?
Summary
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870810 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156583 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Rational ClearCase |
Version: 1.0.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational ClearCase",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.0"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2019-4059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational ClearCase",
"version": {
"version_data": [
{
"version_value": "1.0.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10870810",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4059",
"datePublished": "2019-02-15T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:20:40.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3106
Vulnerability from cvelistv5
Published
2014-09-23 21:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21682950 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94313 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3106",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1292
Vulnerability from cvelistv5
Published
2009-04-14 16:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/34483 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/34689 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49836 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/1017 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1022035 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34483"
},
{
"name": "PK75832",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"name": "34689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34689"
},
{
"name": "clearcase-ucmcq-information-disclosure(49836)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
},
{
"name": "ADV-2009-1017",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1017"
},
{
"name": "1022035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34483"
},
{
"name": "PK75832",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"name": "34689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34689"
},
{
"name": "clearcase-ucmcq-information-disclosure(49836)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
},
{
"name": "ADV-2009-1017",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1017"
},
{
"name": "1022035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34483"
},
{
"name": "PK75832",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"name": "34689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34689"
},
{
"name": "clearcase-ucmcq-information-disclosure(49836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
},
{
"name": "ADV-2009-1017",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1017"
},
{
"name": "1022035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1292",
"datePublished": "2009-04-14T16:00:00",
"dateReserved": "2009-04-14T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5422
Vulnerability from cvelistv5
Published
2013-12-19 22:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87484 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660036 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM97698",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698"
},
{
"name": "ibm-rational-cve20135422-info-disc(87484)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM97698",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698"
},
{
"name": "ibm-rational-cve20135422-info-disc(87484)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM97698",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698"
},
{
"name": "ibm-rational-cve20135422-info-disc(87484)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87484"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660036",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5422",
"datePublished": "2013-12-19T22:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3103
Vulnerability from cvelistv5
Published
2014-09-23 21:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21682947 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94270 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3103",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3101
Vulnerability from cvelistv5
Published
2014-09-23 20:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94268 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21682946 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1030884 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-clearquest-cve20143101-bruteforce(94268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"name": "1030884",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-clearquest-cve20143101-bruteforce(94268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"name": "1030884",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearquest-cve20143101-bruteforce(94268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"name": "1030884",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3101",
"datePublished": "2014-09-23T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2024-11-21 01:57
Severity ?
Summary
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en IBM Rational ClearCase hasta 7.1.2.12, 8.0.0.x anteriores a 8.0.0.9 y 8.0.1.x anteriores a 8.0.1.2 permite a usuarios locales obtener privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5415",
"lastModified": "2024-11-21T01:57:26.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-18T16:04:33.570",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2024-11-21 01:57
Severity ?
Summary
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Rational ClearCase hasta 7.1.2.12, 8.0.0.x anteriores a 8.0.0.3 y 8.0.1.x anteriores a 8.0.1.2 permite a usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-5416",
"lastModified": "2024-11-21T01:57:26.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-18T16:04:33.600",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87478"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-23 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "El formulario de inicio de sesi\u00f3n en el componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no introduce un retraso despu\u00e9s de un intento de autenticaci\u00f3n fallido, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2014-3101",
"lastModified": "2024-11-21T02:07:27.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T20:55:02.967",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030884"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-23 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "IBM Rational ClearCase 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un documento XML manipulado que tiene un gran n\u00famero de referencias de entidad anidadas, un problema similar a CVE-2003-1564."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
"id": "CVE-2014-3090",
"lastModified": "2024-11-21T02:07:26.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T20:55:02.907",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/69964"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030883"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-25 01:59
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21688450 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21688450 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | installation_manager | * | |
| ibm | rational_clearcase | 8.0.0 | |
| ibm | rational_clearcase | 8.0.0.1 | |
| ibm | rational_clearcase | 8.0.0.2 | |
| ibm | rational_clearcase | 8.0.0.3 | |
| ibm | rational_clearcase | 8.0.0.4 | |
| ibm | rational_clearcase | 8.0.0.5 | |
| ibm | rational_clearcase | 8.0.0.6 | |
| ibm | rational_clearcase | 8.0.0.7 | |
| ibm | rational_clearcase | 8.0.0.8 | |
| ibm | rational_clearcase | 8.0.0.9 | |
| ibm | rational_clearcase | 8.0.0.10 | |
| ibm | rational_clearcase | 8.0.0.11 | |
| ibm | rational_clearcase | 8.0.0.12 | |
| ibm | rational_clearcase | 8.0.0.13 | |
| ibm | rational_clearcase | 8.0.1 | |
| ibm | rational_clearcase | 8.0.1.1 | |
| ibm | rational_clearcase | 8.0.1.2 | |
| ibm | rational_clearcase | 8.0.1.3 | |
| ibm | rational_clearcase | 8.0.1.4 | |
| ibm | rational_clearcase | 8.0.1.5 | |
| ibm | rational_clearcase | 8.0.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC55684-C384-4834-8D0E-E773271E9DF6",
"versionEndIncluding": "1.8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "30D45D8C-4917-4F07-82E8-6FB909769897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "169B3158-9039-40D9-B408-533D50448059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F732B2D-6996-4D62-9D81-E1452E982A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7118232D-D226-4856-80E1-1EC42DFFFFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
},
{
"lang": "es",
"value": "IBM Rational ClearCase 8.0.0 anterior a 8.0.0.14 y 8.0.1 anterior a 8.0.1.7, cuando se utiliza Installation Manager anterior a 1.8.2, retiene las contrase\u00f1as del servidor en texto plano en la memoria de proceso durante todo el procedimiento de instalaci\u00f3n, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible mediante el aprovechamiento del acceso a la cuenta de instalaci\u00f3n."
}
],
"id": "CVE-2014-6134",
"lastModified": "2024-11-21T02:13:50.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-25T01:59:03.767",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-23 21:55
Modified
2024-11-21 02:07
Severity ?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
},
{
"lang": "es",
"value": "IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no implementa debidamente el mecanismo de protecci\u00f3n de Local Access Only, lo que permite a atacantes remotos evadir la autenticaci\u00f3n y leer ficheros a trav\u00e9s de funcionalidad de Ayuda de Administraci\u00f3n del Servidor."
}
],
"id": "CVE-2014-3106",
"lastModified": "2024-11-21T02:07:28.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.943",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-14 16:26
Modified
2024-11-21 01:02
Severity ?
Summary
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | 7.0 | |
| ibm | rational_clearcase | 7.0.0.1 | |
| ibm | rational_clearcase | 7.0.0.2 | |
| ibm | rational_clearcase | 7.0.0.3 | |
| ibm | rational_clearcase | 7.0.0.4 | |
| ibm | rational_clearcase | 7.0.1 | |
| ibm | rational_clearcase | 7.0.1.1 | |
| ibm | rational_clearcase | 7.0.1.2 | |
| ibm | rational_clearcase | 7.0.1.3 | |
| ibm | rational_clearcase | 7.1 | |
| ibm | aix | * | |
| unix | unix | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9F09C7-CF4B-42FA-ADDD-189E60813590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D00DF56-BFB1-4B91-95A4-0A2F33074AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58FCE9A7-B9C0-470D-A71D-2A94F826A907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E41B2A6E-F8F9-4D81-840A-B520BC557515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63308FC2-AE4D-4D50-B969-6AB28A77E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED125939-3657-45AC-8F41-F61B08B4A220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89778E9A-90E8-4467-A33B-5F2BB0762A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCE7749-300A-452B-B428-9CF1DB000205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E293794-7223-46EE-BA6A-EF0535566312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process."
},
{
"lang": "es",
"value": "UCM-CQ en IBM Rational ClearCase 7.0.0.x versiones anteriores a v7.0.0.5, 7.0.1.x versiones anteriores a v7.0.1.4, y 7.1.x versiones anteriores a v7.1.0.1 en Linux y AIX sit\u00faa un nombre de usuario y una contrase\u00f1a en la l\u00ednea de comandos, lo cual permite a usuarios locales obtener credenciales listando el proceso."
}
],
"id": "CVE-2009-1292",
"lastModified": "2024-11-21T01:02:07.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-14T16:26:56.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34689"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34483"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022035"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1017"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2024-11-21 01:09
Severity ?
Summary
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | 7.0.0.1 | |
| ibm | rational_clearcase | 7.0.0.2 | |
| ibm | rational_clearcase | 7.0.0.4 | |
| ibm | rational_clearcase | 7.0.1.1 | |
| ibm | rational_clearcase | 7.0.1.3 | |
| ibm | rational_clearquest | 5.00 | |
| ibm | rational_clearquest | 5.20 | |
| ibm | rational_clearquest | 6.00 | |
| ibm | rational_clearquest | 6.10 | |
| ibm | rational_clearquest | 6.12 | |
| ibm | rational_clearquest | 6.13 | |
| ibm | rational_clearquest | 6.14 | |
| ibm | rational_clearquest | 6.15 | |
| ibm | rational_clearquest | 6.16 | |
| ibm | rational_clearquest | 7.0 | |
| ibm | rational_clearquest | 7.0.0.1 | |
| ibm | rational_clearquest | 7.0.1 | |
| ibm | rational_clearquest | 7.0.1.0 | |
| ibm | rational_clearquest | 7.0.1.1 | |
| ibm | rational_clearquest | 7.0.1.3 | |
| ibm | rational_clearquest | 7.0.2 | |
| ibm | rational_clearquest | 2007 | |
| ibm | rational_clearquest | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3717DBA-FF31-4542-BE04-FD2B89447B6B",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D00DF56-BFB1-4B91-95A4-0A2F33074AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58FCE9A7-B9C0-470D-A71D-2A94F826A907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63308FC2-AE4D-4D50-B969-6AB28A77E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89778E9A-90E8-4467-A33B-5F2BB0762A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E293794-7223-46EE-BA6A-EF0535566312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "49CA0764-1ACB-4173-8396-36DD513CD538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "66343779-B8F9-4338-B949-3838AC7471B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*",
"matchCriteriaId": "8A02B2A2-7D88-47AB-95C8-E38A0C174A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5E8200-BB7C-48DE-B946-27535E6F5D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3C470CD7-AD2F-450A-BDD2-97328BCD3375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B751150-4AA5-4D2A-992D-5183402F5B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F41B74B7-3941-4B02-A2E5-43A506A593E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "741D5574-B635-46F5-BAC5-5427E0B305CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3C11BD51-B4FB-4717-B614-EC2785C20493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "741C008D-917B-44BB-AB20-6A662668B526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A04B4977-F5C0-4438-BBB2-541A3221082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "900B37B1-944F-4B18-97AD-E4696F6E4F1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors."
},
{
"lang": "es",
"value": "La interfaz web (tambi\u00e9n conocida como CQWeb) de IBM Rational ClearQuest antes de v7.1.1 no gestiona adecuadamente el uso de URLs antiguas de conexi\u00f3n autom\u00e1tica, lo que podr\u00eda \r\npermitir descubrir las contrase\u00f1as de cuentas de usuario los atacantes remotos mediante vectores no especificados."
}
],
"id": "CVE-2009-4357",
"lastModified": "2024-11-21T01:09:26.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-18T19:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37811"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023370"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37385"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3580"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-19 22:55
Modified
2024-11-21 01:57
Severity ?
Summary
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors."
},
{
"lang": "es",
"value": "El Web Client de IBM Rational ClearQuest 7.1 hasta 7.1.2.12, 8.0.0.x anteriores a 8.0.0.9, y 8.0.1.x anteriores a 8.0.1.2, cuando existe un dataset multi-database permite a atacantes remotos leer los nombres de base de datos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5422",
"lastModified": "2024-11-21T01:57:27.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-19T22:55:04.307",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660036"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87484"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-23 21:55
Modified
2024-11-21 02:07
Severity ?
Summary
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
},
{
"lang": "es",
"value": "La funci\u00f3n de integraci\u00f3n OSLC en el componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 proporciona mensajes de error diferentes para intentos de conexi\u00f3n fallidos en funci\u00f3n de si existe el nombre de usuario, lo que permite a atacantes remotos enumerar los nombres de cuenta a trav\u00e9s de una serie de peticiones."
}
],
"id": "CVE-2014-3105",
"lastModified": "2024-11-21T02:07:28.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-26 18:29
Modified
2024-11-21 02:32
Severity ?
Summary
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21976566 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/106715 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21976566 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/106715 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925901D0-7CB9-42E3-B354-B1B5CF416461",
"versionEndIncluding": "7.1.2.16",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "383652E4-DC7F-445F-A4BE-AB8142D1CD02",
"versionEndIncluding": "8.0.0.17",
"versionStartExcluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "375FBC6F-C565-4AB4-AFAA-65748660B34C",
"versionEndIncluding": "8.0.1.10",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
},
{
"lang": "es",
"value": "El cliente remoto y las integraciones de gesti\u00f3n de cambio en las versiones 7.1.x y 8.0.0.x de IBM Rational ClearCase anteriores a la 8.0.0.18 y en las versiones 8.0.1.x anteriores a la 8.0.1.11, no valida correctamente los nombres de host en certificados X.509 de los servidores SSL, lo cual permite a atacantes remotos suplantar estos servidores y obtener informaci\u00f3n sensible o modificar el tr\u00e1fico de red mediante un certificado manipulado. IBM X-Force ID: 106715."
}
],
"id": "CVE-2015-5039",
"lastModified": "2024-11-21T02:32:12.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-26T18:29:00.440",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-23 21:55
Modified
2024-11-21 02:07
Severity ?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un documento XML manipulado que contiene un n\u00famero grande de referencias de entidad anidadas, un problema similar al CVE-2003-1564."
}
],
"id": "CVE-2014-3104",
"lastModified": "2024-11-21T02:07:28.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.850",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2024-11-21 01:57
Severity ?
Summary
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | 8.0.0.3 | |
| ibm | rational_clearcase | 8.0.0.4 | |
| ibm | rational_clearcase | 8.0.0.5 | |
| ibm | rational_clearcase | 8.0.0.6 | |
| ibm | rational_clearcase | 8.0.0.7 | |
| ibm | rational_clearcase | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands."
},
{
"lang": "es",
"value": "El componente RemoteClient en IBM Rational ClearCase 8.0.0.03 hasta la versi\u00f3n 8.0.0.07, y 8.0.1, utiliza permisos de escritura para el script rcleartool, lo que permite a usuarios locales obtener privilegios a\u00f1adiendo comandos."
}
],
"id": "CVE-2013-5373",
"lastModified": "2024-11-21T01:57:22.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-25T10:31:29.300",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648811"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86791"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-23 21:55
Modified
2024-11-21 02:07
Severity ?
Summary
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
},
{
"lang": "es",
"value": "El componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no configura el indicador de seguridad para la cookie de la sesi\u00f3n en una sesi\u00f3n https, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepci\u00f3n de su transmisi\u00f3n dentro de una sesi\u00f3n http."
}
],
"id": "CVE-2014-3103",
"lastModified": "2024-11-21T02:07:28.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.817",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-21 10:55
Modified
2024-11-21 02:02
Severity ?
Summary
Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E41B2A6E-F8F9-4D81-840A-B520BC557515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63308FC2-AE4D-4D50-B969-6AB28A77E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B7253C-8C65-4741-ACEA-ACB48D64CA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25406D9C-7938-44A9-A396-D84653511721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89289CAB-2043-41C0-AF40-C450AB3CEDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "186D9C7F-3E3E-477E-A20A-91E70264AF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "908678FF-CB67-430A-A9E0-4F408FA00AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED125939-3657-45AC-8F41-F61B08B4A220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89778E9A-90E8-4467-A33B-5F2BB0762A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCE7749-300A-452B-B428-9CF1DB000205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E293794-7223-46EE-BA6A-EF0535566312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45659CEA-A7C3-45EE-B0FF-A612BD701485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D149E05-BFCF-4C5A-9B9E-E1C5510E5A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBB3504-A37E-49D0-B668-00E57AC0B58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CF9723-DCC6-47CE-BAC3-07E54CAD2382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB83063B-B145-44F1-A331-B1534551F097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2E9160-FFF9-4FEF-A498-D9E52C1F1FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "04699004-9016-40F6-8BA3-46ED1048EF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6E9FBE-4D7A-4775-94AB-614653718710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en IBM Rational ClearCase 7.x anterior a 7.1.2.13, 8.0.0.x anterior a 8.0.0.10 y 8.0.1.x anterior a 8.0.1.3 permiten a usuarios remotos autenticados obtener acceso privilegiado a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0829",
"lastModified": "2024-11-21T02:02:52.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-21T10:55:05.127",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21662086"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/66339"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21662086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90568"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-06 00:59
Modified
2024-11-21 02:13
Severity ?
Summary
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F01E597D-537D-47DA-8536-F7CF6D34E7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB608D6-E2C2-47A8-95A1-3794621DBE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "30D45D8C-4917-4F07-82E8-6FB909769897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "169B3158-9039-40D9-B408-533D50448059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F732B2D-6996-4D62-9D81-E1452E982A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7118232D-D226-4856-80E1-1EC42DFFFFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de la interfaz MSCAPI/MSCNG en GSKit en IBM Rational ClearCase 7.1.2.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 no genera correctamente los n\u00fameros aleatorios, lo que facilita a atacantes remotos superar los mecanismos de protecci\u00f3n criptogr\u00e1ficos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6221",
"lastModified": "2024-11-21T02:13:58.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-06T00:59:00.033",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032026"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-29 18:55
Modified
2024-11-21 01:25
Severity ?
Summary
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63308FC2-AE4D-4D50-B969-6AB28A77E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B7253C-8C65-4741-ACEA-ACB48D64CA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25406D9C-7938-44A9-A396-D84653511721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89289CAB-2043-41C0-AF40-C450AB3CEDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "186D9C7F-3E3E-477E-A20A-91E70264AF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "908678FF-CB67-430A-A9E0-4F408FA00AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED125939-3657-45AC-8F41-F61B08B4A220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89778E9A-90E8-4467-A33B-5F2BB0762A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCE7749-300A-452B-B428-9CF1DB000205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E293794-7223-46EE-BA6A-EF0535566312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45659CEA-A7C3-45EE-B0FF-A612BD701485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D149E05-BFCF-4C5A-9B9E-E1C5510E5A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBB3504-A37E-49D0-B668-00E57AC0B58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CF9723-DCC6-47CE-BAC3-07E54CAD2382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB83063B-B145-44F1-A331-B1534551F097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2E9160-FFF9-4FEF-A498-D9E52C1F1FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "04699004-9016-40F6-8BA3-46ED1048EF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6E9FBE-4D7A-4775-94AB-614653718710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "697342E1-79DB-44AE-BAF9-C90D48F20720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EE3C539B-B353-4A62-AD9D-F6E2D5ED0F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "56358994-690C-404F-9931-F6240CF869D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "977C5C80-A289-4AFE-B910-2D17E1761711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "741C008D-917B-44BB-AB20-6A662668B526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23E2844B-40BA-48F1-8E2E-C0534078D186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5CA588-A2F2-46AA-9C76-E9B51BF2B91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "97B82694-8D27-485E-8B02-A93146AADA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6843D8A9-4884-49C0-B663-E400F8060D6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F558D1-A530-4778-A061-CA68DB2AA86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3D0F17-A127-4514-85C4-266F371592DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "125F8B61-FD9F-411D-9555-FCC75BB98E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4842BC01-2573-4143-9C98-CB54FFEEBF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E493C7B-F6F5-4F00-8AFC-8DA9AE21CB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A36449BB-861A-47F7-94BF-58CEED569FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49FB892E-4795-4488-8198-DC7F9EEFDB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F6382-5DA8-43E6-BB41-9BFD465EC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E86218F-3AA1-4287-B71E-0A0DFD46B8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EA8EF0-1288-4AC6-81BF-0FA63FBD5C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "888C7414-FF22-4102-94CD-EE695967107A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D6B321-7AD3-4B70-B853-80764815985D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3685261-5566-463C-BABF-DC68A2A6529D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AACE52B-8712-4D41-94B6-16C4B7B79B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABDC099-EEB7-4ED2-B381-2A7D4674ED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8D8B01-BABC-4294-89DB-11A65B2F31F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3153FA5A-6A8E-40EC-9F55-15F570613C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C48E34C-865D-4C82-A4C5-6F18A0A1044C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en objetos COM no especificados de Rational Common Licensing v7.0 hasta v7.1.1.4 en IBM Rational ClearCase v7.0.0.4 hasta v7.1.1.4, ClearQuest v7.0.0.4 hasta v7.1.1.4 y otros productos, permite a usuarios locales ganar privilegios a trav\u00e9s de un documento HTML caballo de troya en la zona de Mi PC"
}
],
"id": "CVE-2011-1205",
"lastModified": "2024-11-21T01:25:47.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-29T18:55:02.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21470998"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025268"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025269"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0832"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21470998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 21:29
Modified
2024-11-21 02:03
Severity ?
Summary
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21668868 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/92263 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21668868 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/92263 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33D0745A-86D8-4077-B08D-E130155CE906",
"versionEndIncluding": "7.1.0.2",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "110D8B47-39C6-4859-9473-3A00704E0DF2",
"versionEndIncluding": "7.1.1.9",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588FC5AF-08A5-43C8-BEDC-B23D7666378F",
"versionEndIncluding": "7.1.2.13",
"versionStartIncluding": "7.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "190BFB10-0F26-4376-BF87-FDC650854466",
"versionEndIncluding": "8.0.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E809EC3-3FE7-48E8-9CFE-B467288F3FEE",
"versionEndIncluding": "8.0.1.3",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XEE (XML External Entity) en (1) CCRC WAN Server / CM Server, (2) los scripts de desencadenamiento de integraci\u00f3n Perl CC/CQ, (3) la interfaz Java CMAPI, (4) el cliente remoto ClearCase y (5) los componentes de integraci\u00f3n basados en CMI y OSLC ClearQuest en IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92263."
}
],
"id": "CVE-2014-0931",
"lastModified": "2024-11-21T02:03:03.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T21:29:00.457",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-15 20:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156583 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10870810 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156583 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10870810 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490D4370-7552-402A-8CBB-BBA844D5A76F",
"versionEndExcluding": "9.0.1.5",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
},
{
"lang": "es",
"value": "El conector GIT de IBM Rational ClearCase 1.0.0.0 no protege lo suficiente la contrase\u00f1a de la base de datos de documentos. Un atacante podr\u00eda obtener la contrase\u00f1a y acceso no autorizado a la base de datos de documentos. IBM X-Force ID: 156583."
}
],
"id": "CVE-2019-4059",
"lastModified": "2024-11-21T04:43:06.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-15T20:29:00.457",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}