A vulnerability was discovered in IBM Rational ClearQuest that allows an attacker to obtain the database login credentials.
CVEID: CVE-2015-4996**
DESCRIPTION:** IBM ClearQuest could allow an attacker to trick it into connecting to a fake database server which would be used to capture the true database servers credentials.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105998 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Rational ClearQuest
Versions 8.0.0.x, 8.0.1.x
Versions 7.1.x.x
Affected Versions
|
** Applying the fix**
—|—
7.1.0.x, 7.1.1.x, and 7.1.2.x| Customers on extended support contracts should contact Rational Customer Support.
8.0.0.x| Upgrade to Rational ClearQuest Fix Pack 17 (8.0.0.17) for 8.0 or Rational ClearQuest Fix Pack 10 (8.0.1.10) for 8.0.1.
8.0.1.x| Upgrade to Rational ClearQuest Fix Pack 10 (8.0.1.10) for 8.0.1.