Security Bulletin: A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996)

Summary

A vulnerability was discovered in IBM Rational ClearQuest that allows an attacker to obtain the database login credentials.

Vulnerability Details

CVEID: CVE-2015-4996**
DESCRIPTION:** IBM ClearQuest could allow an attacker to trick it into connecting to a fake database server which would be used to capture the true database servers credentials.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105998 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Rational ClearQuest

Versions 8.0.0.x, 8.0.1.x

Versions 7.1.x.x

Remediation/Fixes

Affected Versions

|

** Applying the fix**

—|—
7.1.0.x, 7.1.1.x, and 7.1.2.x| Customers on extended support contracts should contact Rational Customer Support.
8.0.0.x| Upgrade to Rational ClearQuest Fix Pack 17 (8.0.0.17) for 8.0 or Rational ClearQuest Fix Pack 10 (8.0.1.10) for 8.0.1.
8.0.1.x| Upgrade to Rational ClearQuest Fix Pack 10 (8.0.1.10) for 8.0.1.