Lucene search

K
cve[email protected]CVE-2014-3106
HistorySep 23, 2014 - 9:55 p.m.

CVE-2014-3106

2014-09-2321:55:04
CWE-287
web.nvd.nist.gov
22
ibm
rational clearquest
remote access
authentication bypass
help server administration
vulnerability
cve-2014-3106

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

Affected configurations

NVD
Node
ibmrational_clearcaseMatch7.1
OR
ibmrational_clearcaseMatch7.1.0.1
OR
ibmrational_clearcaseMatch7.1.0.2
OR
ibmrational_clearcaseMatch7.1.1
OR
ibmrational_clearcaseMatch7.1.1.1
OR
ibmrational_clearcaseMatch7.1.1.2
OR
ibmrational_clearcaseMatch7.1.1.3
OR
ibmrational_clearcaseMatch7.1.1.4
OR
ibmrational_clearcaseMatch7.1.1.5
OR
ibmrational_clearcaseMatch7.1.1.6
OR
ibmrational_clearcaseMatch7.1.1.7
OR
ibmrational_clearcaseMatch7.1.1.8
OR
ibmrational_clearcaseMatch7.1.1.9
OR
ibmrational_clearcaseMatch7.1.2
OR
ibmrational_clearcaseMatch7.1.2.1
OR
ibmrational_clearcaseMatch7.1.2.2
OR
ibmrational_clearcaseMatch7.1.2.3
OR
ibmrational_clearcaseMatch7.1.2.4
OR
ibmrational_clearcaseMatch7.1.2.5
OR
ibmrational_clearcaseMatch7.1.2.6
OR
ibmrational_clearcaseMatch7.1.2.7
OR
ibmrational_clearcaseMatch7.1.2.9
OR
ibmrational_clearcaseMatch7.1.2.10
OR
ibmrational_clearcaseMatch7.1.2.11
OR
ibmrational_clearcaseMatch7.1.2.12
OR
ibmrational_clearcaseMatch7.1.2.13
OR
ibmrational_clearcaseMatch7.1.2.14
OR
ibmrational_clearcaseMatch8.0
OR
ibmrational_clearcaseMatch8.0.0.1
OR
ibmrational_clearcaseMatch8.0.0.2
OR
ibmrational_clearcaseMatch8.0.0.3
OR
ibmrational_clearcaseMatch8.0.0.4
OR
ibmrational_clearcaseMatch8.0.0.5
OR
ibmrational_clearcaseMatch8.0.0.6
OR
ibmrational_clearcaseMatch8.0.0.7
OR
ibmrational_clearcaseMatch8.0.0.8
OR
ibmrational_clearcaseMatch8.0.0.9
OR
ibmrational_clearcaseMatch8.0.0.10
OR
ibmrational_clearcaseMatch8.0.0.11
OR
ibmrational_clearcaseMatch8.0.1
OR
ibmrational_clearcaseMatch8.0.1.1
OR
ibmrational_clearcaseMatch8.0.1.2
OR
ibmrational_clearcaseMatch8.0.1.3
OR
ibmrational_clearcaseMatch8.0.1.4

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

Related for CVE-2014-3106