Search criteria
57 vulnerabilities found for rational_clearcase by ibm
FKIE_CVE-2019-4059
Vulnerability from fkie_nvd - Published: 2019-02-15 20:29 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156583 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10870810 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156583 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10870810 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490D4370-7552-402A-8CBB-BBA844D5A76F",
"versionEndExcluding": "9.0.1.5",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
},
{
"lang": "es",
"value": "El conector GIT de IBM Rational ClearCase 1.0.0.0 no protege lo suficiente la contrase\u00f1a de la base de datos de documentos. Un atacante podr\u00eda obtener la contrase\u00f1a y acceso no autorizado a la base de datos de documentos. IBM X-Force ID: 156583."
}
],
"id": "CVE-2019-4059",
"lastModified": "2024-11-21T04:43:06.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-15T20:29:00.457",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0931
Vulnerability from fkie_nvd - Published: 2018-04-20 21:29 - Updated: 2024-11-21 02:03
Severity ?
Summary
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21668868 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/92263 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21668868 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/92263 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33D0745A-86D8-4077-B08D-E130155CE906",
"versionEndIncluding": "7.1.0.2",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "110D8B47-39C6-4859-9473-3A00704E0DF2",
"versionEndIncluding": "7.1.1.9",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588FC5AF-08A5-43C8-BEDC-B23D7666378F",
"versionEndIncluding": "7.1.2.13",
"versionStartIncluding": "7.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "190BFB10-0F26-4376-BF87-FDC650854466",
"versionEndIncluding": "8.0.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E809EC3-3FE7-48E8-9CFE-B467288F3FEE",
"versionEndIncluding": "8.0.1.3",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XEE (XML External Entity) en (1) CCRC WAN Server / CM Server, (2) los scripts de desencadenamiento de integraci\u00f3n Perl CC/CQ, (3) la interfaz Java CMAPI, (4) el cliente remoto ClearCase y (5) los componentes de integraci\u00f3n basados en CMI y OSLC ClearQuest en IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92263."
}
],
"id": "CVE-2014-0931",
"lastModified": "2024-11-21T02:03:03.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T21:29:00.457",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5039
Vulnerability from fkie_nvd - Published: 2018-03-26 18:29 - Updated: 2024-11-21 02:32
Severity ?
Summary
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21976566 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/106715 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21976566 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/106715 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * | |
| ibm | rational_clearcase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925901D0-7CB9-42E3-B354-B1B5CF416461",
"versionEndIncluding": "7.1.2.16",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "383652E4-DC7F-445F-A4BE-AB8142D1CD02",
"versionEndIncluding": "8.0.0.17",
"versionStartExcluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "375FBC6F-C565-4AB4-AFAA-65748660B34C",
"versionEndIncluding": "8.0.1.10",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
},
{
"lang": "es",
"value": "El cliente remoto y las integraciones de gesti\u00f3n de cambio en las versiones 7.1.x y 8.0.0.x de IBM Rational ClearCase anteriores a la 8.0.0.18 y en las versiones 8.0.1.x anteriores a la 8.0.1.11, no valida correctamente los nombres de host en certificados X.509 de los servidores SSL, lo cual permite a atacantes remotos suplantar estos servidores y obtener informaci\u00f3n sensible o modificar el tr\u00e1fico de red mediante un certificado manipulado. IBM X-Force ID: 106715."
}
],
"id": "CVE-2015-5039",
"lastModified": "2024-11-21T02:32:12.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-26T18:29:00.440",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-6221
Vulnerability from fkie_nvd - Published: 2015-04-06 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F01E597D-537D-47DA-8536-F7CF6D34E7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB608D6-E2C2-47A8-95A1-3794621DBE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "30D45D8C-4917-4F07-82E8-6FB909769897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "169B3158-9039-40D9-B408-533D50448059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F732B2D-6996-4D62-9D81-E1452E982A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7118232D-D226-4856-80E1-1EC42DFFFFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de la interfaz MSCAPI/MSCNG en GSKit en IBM Rational ClearCase 7.1.2.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 no genera correctamente los n\u00fameros aleatorios, lo que facilita a atacantes remotos superar los mecanismos de protecci\u00f3n criptogr\u00e1ficos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6221",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-06T00:59:00.033",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032026"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-6134
Vulnerability from fkie_nvd - Published: 2015-03-25 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21688450 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21688450 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | installation_manager | * | |
| ibm | rational_clearcase | 8.0.0 | |
| ibm | rational_clearcase | 8.0.0.1 | |
| ibm | rational_clearcase | 8.0.0.2 | |
| ibm | rational_clearcase | 8.0.0.3 | |
| ibm | rational_clearcase | 8.0.0.4 | |
| ibm | rational_clearcase | 8.0.0.5 | |
| ibm | rational_clearcase | 8.0.0.6 | |
| ibm | rational_clearcase | 8.0.0.7 | |
| ibm | rational_clearcase | 8.0.0.8 | |
| ibm | rational_clearcase | 8.0.0.9 | |
| ibm | rational_clearcase | 8.0.0.10 | |
| ibm | rational_clearcase | 8.0.0.11 | |
| ibm | rational_clearcase | 8.0.0.12 | |
| ibm | rational_clearcase | 8.0.0.13 | |
| ibm | rational_clearcase | 8.0.1 | |
| ibm | rational_clearcase | 8.0.1.1 | |
| ibm | rational_clearcase | 8.0.1.2 | |
| ibm | rational_clearcase | 8.0.1.3 | |
| ibm | rational_clearcase | 8.0.1.4 | |
| ibm | rational_clearcase | 8.0.1.5 | |
| ibm | rational_clearcase | 8.0.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC55684-C384-4834-8D0E-E773271E9DF6",
"versionEndIncluding": "1.8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "30D45D8C-4917-4F07-82E8-6FB909769897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "169B3158-9039-40D9-B408-533D50448059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F732B2D-6996-4D62-9D81-E1452E982A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7118232D-D226-4856-80E1-1EC42DFFFFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
},
{
"lang": "es",
"value": "IBM Rational ClearCase 8.0.0 anterior a 8.0.0.14 y 8.0.1 anterior a 8.0.1.7, cuando se utiliza Installation Manager anterior a 1.8.2, retiene las contrase\u00f1as del servidor en texto plano en la memoria de proceso durante todo el procedimiento de instalaci\u00f3n, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible mediante el aprovechamiento del acceso a la cuenta de instalaci\u00f3n."
}
],
"id": "CVE-2014-6134",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-25T01:59:03.767",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3104
Vulnerability from fkie_nvd - Published: 2014-09-23 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un documento XML manipulado que contiene un n\u00famero grande de referencias de entidad anidadas, un problema similar al CVE-2003-1564."
}
],
"id": "CVE-2014-3104",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.850",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3106
Vulnerability from fkie_nvd - Published: 2014-09-23 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
},
{
"lang": "es",
"value": "IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no implementa debidamente el mecanismo de protecci\u00f3n de Local Access Only, lo que permite a atacantes remotos evadir la autenticaci\u00f3n y leer ficheros a trav\u00e9s de funcionalidad de Ayuda de Administraci\u00f3n del Servidor."
}
],
"id": "CVE-2014-3106",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.943",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3105
Vulnerability from fkie_nvd - Published: 2014-09-23 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
},
{
"lang": "es",
"value": "La funci\u00f3n de integraci\u00f3n OSLC en el componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 proporciona mensajes de error diferentes para intentos de conexi\u00f3n fallidos en funci\u00f3n de si existe el nombre de usuario, lo que permite a atacantes remotos enumerar los nombres de cuenta a trav\u00e9s de una serie de peticiones."
}
],
"id": "CVE-2014-3105",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3103
Vulnerability from fkie_nvd - Published: 2014-09-23 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
},
{
"lang": "es",
"value": "El componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no configura el indicador de seguridad para la cookie de la sesi\u00f3n en una sesi\u00f3n https, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepci\u00f3n de su transmisi\u00f3n dentro de una sesi\u00f3n http."
}
],
"id": "CVE-2014-3103",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T21:55:04.817",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3101
Vulnerability from fkie_nvd - Published: 2014-09-23 20:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "El formulario de inicio de sesi\u00f3n en el componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no introduce un retraso despu\u00e9s de un intento de autenticaci\u00f3n fallido, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2014-3101",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T20:55:02.967",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030884"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3090
Vulnerability from fkie_nvd - Published: 2014-09-23 20:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "IBM Rational ClearCase 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un documento XML manipulado que tiene un gran n\u00famero de referencias de entidad anidadas, un problema similar a CVE-2003-1564."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
"id": "CVE-2014-3090",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-23T20:55:02.907",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/69964"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030883"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-4059 (GCVE-0-2019-4059)
Vulnerability from cvelistv5 – Published: 2019-02-15 20:00 – Updated: 2024-09-17 02:20
VLAI?
Summary
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational ClearCase |
Affected:
1.0.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational ClearCase",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.0"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2019-4059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational ClearCase",
"version": {
"version_data": [
{
"version_value": "1.0.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10870810",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4059",
"datePublished": "2019-02-15T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:20:40.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0931 (GCVE-0-2014-0931)
Vulnerability from cvelistv5 – Published: 2018-04-20 21:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0931",
"datePublished": "2018-04-20T21:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5039 (GCVE-0-2015-5039)
Vulnerability from cvelistv5 – Published: 2018-03-26 18:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5039",
"datePublished": "2018-03-26T18:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6221 (GCVE-0-2014-6221)
Vulnerability from cvelistv5 – Published: 2015-04-06 00:00 – Updated: 2024-08-06 12:10
VLAI?
Summary
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6221",
"datePublished": "2015-04-06T00:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6134 (GCVE-0-2014-6134)
Vulnerability from cvelistv5 – Published: 2015-03-25 01:00 – Updated: 2024-08-06 12:10
VLAI?
Summary
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T01:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6134",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3106 (GCVE-0-2014-3106)
Vulnerability from cvelistv5 – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3106",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3104 (GCVE-0-2014-3104)
Vulnerability from cvelistv5 – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:55.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3104",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:55.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3103 (GCVE-0-2014-3103)
Vulnerability from cvelistv5 – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3103",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3105 (GCVE-0-2014-3105)
Vulnerability from cvelistv5 – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3105",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3090 (GCVE-0-2014-3090)
Vulnerability from cvelistv5 – Published: 2014-09-23 20:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:55.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-clearcase-cve20143090-xee(94256)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"name": "69964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69964"
},
{
"name": "1030883",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030883"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-clearcase-cve20143090-xee(94256)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"name": "69964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69964"
},
{
"name": "1030883",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030883"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearcase-cve20143090-xee(94256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256"
},
{
"name": "69964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69964"
},
{
"name": "1030883",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030883"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3090",
"datePublished": "2014-09-23T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:55.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4059 (GCVE-0-2019-4059)
Vulnerability from nvd – Published: 2019-02-15 20:00 – Updated: 2024-09-17 02:20
VLAI?
Summary
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational ClearCase |
Affected:
1.0.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational ClearCase",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.0"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2019-4059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational ClearCase",
"version": {
"version_data": [
{
"version_value": "1.0.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10870810",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870810"
},
{
"name": "ibm-clearcase-cve20194059-info-disc(156583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4059",
"datePublished": "2019-02-15T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:20:40.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0931 (GCVE-0-2014-0931)
Vulnerability from nvd – Published: 2018-04-20 21:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearcase-cve20140931-xxe(92263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0931",
"datePublished": "2018-04-20T21:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5039 (GCVE-0-2015-5039)
Vulnerability from nvd – Published: 2018-03-26 18:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5039",
"datePublished": "2018-03-26T18:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6221 (GCVE-0-2014-6221)
Vulnerability from nvd – Published: 2015-04-06 00:00 – Updated: 2024-08-06 12:10
VLAI?
Summary
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6221",
"datePublished": "2015-04-06T00:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6134 (GCVE-0-2014-6134)
Vulnerability from nvd – Published: 2015-03-25 01:00 – Updated: 2024-08-06 12:10
VLAI?
Summary
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T01:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6134",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3106 (GCVE-0-2014-3106)
Vulnerability from nvd – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950"
},
{
"name": "ibm-clearquest-cve20143106-local(94313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3106",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3104 (GCVE-0-2014-3104)
Vulnerability from nvd – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:55.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942"
},
{
"name": "ibm-clearquest-cve20143104-xee(94311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3104",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:55.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3103 (GCVE-0-2014-3103)
Vulnerability from nvd – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
},
{
"name": "ibm-clearquest-cve20143103-secureflag(94270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3103",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3105 (GCVE-0-2014-3105)
Vulnerability from nvd – Published: 2014-09-23 21:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682949"
},
{
"name": "ibm-clearquest-cve20143105-enumerate(94312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3105",
"datePublished": "2014-09-23T21:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}