The local database password is not properly protected in the ClearCase GIT connector.
CVEID: CVE-2019-4059 DESCRIPTION: The ClearCase GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156583> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Rational ClearCase GIT connector version 1.0.0.0
The solution is to install a fix that protects the database password.
Apply the relevant fixes as listed in the table below.
Affected Versions
|
Applying the fix
—|—
1.0.0.0
| Install version 1.0.0.1, available at this link .
None