CVE-2013-5373

2013-09-2510:31:29

CWE-264

[email protected]

web.nvd.nist.gov

ibm

rational clearcase

remoteclient

cve-2013-5373

vulnerability

privilege escalation

nvd

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.

Affected configurations

NVD

Node

ibmrational_clearcaseMatch8.0.0.3

ibmrational_clearcaseMatch8.0.0.4

ibmrational_clearcaseMatch8.0.0.5

ibmrational_clearcaseMatch8.0.0.6

ibmrational_clearcaseMatch8.0.0.7

ibmrational_clearcaseMatch8.0.1

CPENameOperatorVersion
ibm:rational_clearcaseibm rational clearcaseeq8.0.0.3
ibm:rational_clearcaseibm rational clearcaseeq8.0.0.4
ibm:rational_clearcaseibm rational clearcaseeq8.0.0.5
ibm:rational_clearcaseibm rational clearcaseeq8.0.0.6
ibm:rational_clearcaseibm rational clearcaseeq8.0.0.7
ibm:rational_clearcaseibm rational clearcaseeq8.0.1

CPE	Name	Operator	Version
ibm:rational_clearcase	ibm rational clearcase	eq	8.0.0.3
ibm:rational_clearcase	ibm rational clearcase	eq	8.0.0.4
ibm:rational_clearcase	ibm rational clearcase	eq	8.0.0.5
ibm:rational_clearcase	ibm rational clearcase	eq	8.0.0.6
ibm:rational_clearcase	ibm rational clearcase	eq	8.0.0.7
ibm:rational_clearcase	ibm rational clearcase	eq	8.0.1