History: Jun 17, 2018 - 4:56 a.m.

Security Bulletin: "Local Access Only" authentication type does not prevent unauthenticated remote access to Help Server Administration in ClearQuest (CVE-2014-3106)

2018-06-17 04:56:59
www.ibm.com
EPSS: 0.003 (Low); Percentile: 70.7%

Summary

“Local Access Only” authentication type does not prevent unauthenticated remote access to Help Server Administration.

Vulnerability Details

CVE ID: CVE-2014-3106

**Description:** IBM Rational ClearQuest allows a remote unauthenticated attacker to bypass the security restrictions set by the “Local Access Only” ACL. ClearQuest introduced a new Help system in 7.1.2.02 in 2011, but the “Local Access Only” authentication type does not work for it. This would allow the attacker to view files they might not otherwise have access to.

**CVSS Base Score:** 5.0

**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94313> for the current score

**CVSS Environmental Score:** Undefined

**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

ClearQuest version | Status
---|---
8.0.1 through 8.0.1.4 | Affected
8.0 through 8.0.0.11 | Affected
7.1.2 through 7.1.2.14 | Affected
7.1.0.x, 7.1.1.x (all versions and fix packs) | Not Affected

Remediation/Fixes

Upgrade to one of the following releases:

Affected Versions | Applying the fix
---|---
8.0.1.x | Install Rational ClearQuest Fix Pack 5 (8.0.1.5) for 8.0.1
8.0.0.x | Install Rational ClearQuest Fix Pack 12 (8.0.0.12) for 8.0
7.1.2.x | Install Rational ClearQuest Fix Pack 15 (7.1.2.15) for 7.1.2

Workarounds and Mitigations

None
