Lucene search

K
cve[email protected]CVE-2014-3106
HistorySep 23, 2014 - 9:55 p.m.

CVE-2014-3106

2014-09-2321:55:04
CWE-287
web.nvd.nist.gov
22
ibm
rational clearquest
remote access
authentication bypass
help server administration
vulnerability
cve-2014-3106

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

Affected configurations

NVD
Node
ibmrational_clearcaseMatch7.1
OR
ibmrational_clearcaseMatch7.1.0.1
OR
ibmrational_clearcaseMatch7.1.0.2
OR
ibmrational_clearcaseMatch7.1.1
OR
ibmrational_clearcaseMatch7.1.1.1
OR
ibmrational_clearcaseMatch7.1.1.2
OR
ibmrational_clearcaseMatch7.1.1.3
OR
ibmrational_clearcaseMatch7.1.1.4
OR
ibmrational_clearcaseMatch7.1.1.5
OR
ibmrational_clearcaseMatch7.1.1.6
OR
ibmrational_clearcaseMatch7.1.1.7
OR
ibmrational_clearcaseMatch7.1.1.8
OR
ibmrational_clearcaseMatch7.1.1.9
OR
ibmrational_clearcaseMatch7.1.2
OR
ibmrational_clearcaseMatch7.1.2.1
OR
ibmrational_clearcaseMatch7.1.2.2
OR
ibmrational_clearcaseMatch7.1.2.3
OR
ibmrational_clearcaseMatch7.1.2.4
OR
ibmrational_clearcaseMatch7.1.2.5
OR
ibmrational_clearcaseMatch7.1.2.6
OR
ibmrational_clearcaseMatch7.1.2.7
OR
ibmrational_clearcaseMatch7.1.2.9
OR
ibmrational_clearcaseMatch7.1.2.10
OR
ibmrational_clearcaseMatch7.1.2.11
OR
ibmrational_clearcaseMatch7.1.2.12
OR
ibmrational_clearcaseMatch7.1.2.13
OR
ibmrational_clearcaseMatch7.1.2.14
OR
ibmrational_clearcaseMatch8.0
OR
ibmrational_clearcaseMatch8.0.0.1
OR
ibmrational_clearcaseMatch8.0.0.2
OR
ibmrational_clearcaseMatch8.0.0.3
OR
ibmrational_clearcaseMatch8.0.0.4
OR
ibmrational_clearcaseMatch8.0.0.5
OR
ibmrational_clearcaseMatch8.0.0.6
OR
ibmrational_clearcaseMatch8.0.0.7
OR
ibmrational_clearcaseMatch8.0.0.8
OR
ibmrational_clearcaseMatch8.0.0.9
OR
ibmrational_clearcaseMatch8.0.0.10
OR
ibmrational_clearcaseMatch8.0.0.11
OR
ibmrational_clearcaseMatch8.0.1
OR
ibmrational_clearcaseMatch8.0.1.1
OR
ibmrational_clearcaseMatch8.0.1.2
OR
ibmrational_clearcaseMatch8.0.1.3
OR
ibmrational_clearcaseMatch8.0.1.4

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

Related for CVE-2014-3106