Lucene search

[email protected]CVE-2014-3101

HistorySep 23, 2014 - 8:55 p.m.

CVE-2014-3101

2014-09-2320:55:02

CWE-287

[email protected]

web.nvd.nist.gov

ibm

rational clearquest

vulnerability

web component

brute-force attack

nvd

cve-2014-3101

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

Affected configurations

NVD

Node

ibmrational_clearcaseMatch7.1

ibmrational_clearcaseMatch7.1.0.1

ibmrational_clearcaseMatch7.1.0.2

ibmrational_clearcaseMatch7.1.1

ibmrational_clearcaseMatch7.1.1.1

ibmrational_clearcaseMatch7.1.1.2

ibmrational_clearcaseMatch7.1.1.3

ibmrational_clearcaseMatch7.1.1.4

ibmrational_clearcaseMatch7.1.1.5

ibmrational_clearcaseMatch7.1.1.6

ibmrational_clearcaseMatch7.1.1.7

ibmrational_clearcaseMatch7.1.1.8

ibmrational_clearcaseMatch7.1.1.9

ibmrational_clearcaseMatch7.1.2

ibmrational_clearcaseMatch7.1.2.1

ibmrational_clearcaseMatch7.1.2.2

ibmrational_clearcaseMatch7.1.2.3

ibmrational_clearcaseMatch7.1.2.4

ibmrational_clearcaseMatch7.1.2.5

ibmrational_clearcaseMatch7.1.2.6

ibmrational_clearcaseMatch7.1.2.7

ibmrational_clearcaseMatch7.1.2.9

ibmrational_clearcaseMatch7.1.2.10

ibmrational_clearcaseMatch7.1.2.11

ibmrational_clearcaseMatch7.1.2.12

ibmrational_clearcaseMatch7.1.2.13

ibmrational_clearcaseMatch7.1.2.14

ibmrational_clearcaseMatch8.0

ibmrational_clearcaseMatch8.0.0.1

ibmrational_clearcaseMatch8.0.0.2

ibmrational_clearcaseMatch8.0.0.3

ibmrational_clearcaseMatch8.0.0.4

ibmrational_clearcaseMatch8.0.0.5

ibmrational_clearcaseMatch8.0.0.6

ibmrational_clearcaseMatch8.0.0.7

ibmrational_clearcaseMatch8.0.0.8

ibmrational_clearcaseMatch8.0.0.9

ibmrational_clearcaseMatch8.0.0.10

ibmrational_clearcaseMatch8.0.0.11

ibmrational_clearcaseMatch8.0.1

ibmrational_clearcaseMatch8.0.1.1

ibmrational_clearcaseMatch8.0.1.2

ibmrational_clearcaseMatch8.0.1.3

ibmrational_clearcaseMatch8.0.1.4

CPENameOperatorVersion
ibm:rational_clearcaseibm rational clearcaseeq7.1
ibm:rational_clearcaseibm rational clearcaseeq7.1.0.1
ibm:rational_clearcaseibm rational clearcaseeq7.1.0.2
ibm:rational_clearcaseibm rational clearcaseeq7.1.1
ibm:rational_clearcaseibm rational clearcaseeq7.1.1.1
ibm:rational_clearcaseibm rational clearcaseeq7.1.1.2
ibm:rational_clearcaseibm rational clearcaseeq7.1.1.3
ibm:rational_clearcaseibm rational clearcaseeq7.1.1.4
ibm:rational_clearcaseibm rational clearcaseeq7.1.1.5
ibm:rational_clearcaseibm rational clearcaseeq7.1.1.6

CPE	Name	Operator	Version
ibm:rational_clearcase	ibm rational clearcase	eq	7.1
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.0.1
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.0.2
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1.1
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1.2
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1.3
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1.4
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1.5
ibm:rational_clearcase	ibm rational clearcase	eq	7.1.1.6