FKIE_CVE-2014-3103

Vulnerability from fkie_nvd - Published: 2014-09-23 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21682947Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/94270
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21682947Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/94270
Impacted products
Vendor Product Version
ibm rational_clearcase 7.1
ibm rational_clearcase 7.1.0.1
ibm rational_clearcase 7.1.0.2
ibm rational_clearcase 7.1.1
ibm rational_clearcase 7.1.1.1
ibm rational_clearcase 7.1.1.2
ibm rational_clearcase 7.1.1.3
ibm rational_clearcase 7.1.1.4
ibm rational_clearcase 7.1.1.5
ibm rational_clearcase 7.1.1.6
ibm rational_clearcase 7.1.1.7
ibm rational_clearcase 7.1.1.8
ibm rational_clearcase 7.1.1.9
ibm rational_clearcase 7.1.2
ibm rational_clearcase 7.1.2.1
ibm rational_clearcase 7.1.2.2
ibm rational_clearcase 7.1.2.3
ibm rational_clearcase 7.1.2.4
ibm rational_clearcase 7.1.2.5
ibm rational_clearcase 7.1.2.6
ibm rational_clearcase 7.1.2.7
ibm rational_clearcase 7.1.2.9
ibm rational_clearcase 7.1.2.10
ibm rational_clearcase 7.1.2.11
ibm rational_clearcase 7.1.2.12
ibm rational_clearcase 7.1.2.13
ibm rational_clearcase 7.1.2.14
ibm rational_clearcase 8.0
ibm rational_clearcase 8.0.0.1
ibm rational_clearcase 8.0.0.2
ibm rational_clearcase 8.0.0.3
ibm rational_clearcase 8.0.0.4
ibm rational_clearcase 8.0.0.5
ibm rational_clearcase 8.0.0.6
ibm rational_clearcase 8.0.0.7
ibm rational_clearcase 8.0.0.8
ibm rational_clearcase 8.0.0.9
ibm rational_clearcase 8.0.0.10
ibm rational_clearcase 8.0.0.11
ibm rational_clearcase 8.0.1
ibm rational_clearcase 8.0.1.1
ibm rational_clearcase 8.0.1.2
ibm rational_clearcase 8.0.1.3
ibm rational_clearcase 8.0.1.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1AD4D68-A16D-4938-B791-C89693836DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C3D535-5115-4D66-931E-4703EC37229F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DEB5683-7E33-461B-8F6D-898C03BE942C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEB9D55D-C018-4E02-A765-533426954967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1900129-63E0-42B4-BAF5-C084443EF28D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B244BBE6-426E-4051-BF29-3B7760A9FB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8E7369-A3A1-42C8-A159-C09DD64A2AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6E721E-6B5D-4BE6-8021-4265263977ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E293BA0-7CDE-4B96-8E1B-32E1853DD795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DF00E5-277E-4C22-8F2A-723A67CBDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5695499B-9173-4583-8028-D1E7375A146D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B81B30B-B3F3-4628-AC90-4FAD36FC6BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C89869-152C-405A-989A-4ECE8DB3466B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E386E2E-4F4C-4AFF-9E5C-9D384A68A248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "399B83C2-0739-478C-8253-F5BEAD961670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8801EE5A-2C03-4F5A-92EF-1E89D4E5A028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE0B42B-C4B3-407B-A91D-EE31D93D3976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25327BEA-21DE-4FCD-847B-2E20199003A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45DA6EF-0017-4A9A-A520-3E814A802561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FCE4E0-1596-463A-80B0-0D7A8CDD53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "971B2B97-4B92-4CE6-A659-76E95BFFC37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
    },
    {
      "lang": "es",
      "value": "El componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no configura el indicador de seguridad para la cookie de la sesi\u00f3n en una sesi\u00f3n https, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepci\u00f3n de su transmisi\u00f3n dentro de una sesi\u00f3n http."
    }
  ],
  "id": "CVE-2014-3103",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-23T21:55:04.817",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94270"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.