Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFC5FE1CDB04D13DC4C03C374B0C5B38DA309A4E66904B60A7740D50D73762466
HistoryApr 28, 2021 - 6:35 p.m.

Security Bulletin: Critical security vulnerability in Jazz Team Server affecting all CLM Applications (CVE-2014-0862)

2021-04-2818:35:50
www.ibm.com
8

0.013 Low

EPSS

Percentile

86.2%

JSON

Summary

A high risk vulnerability has been identified in the Jazz Team Server affecting all Collaborative Lifecycle Management (CLM) Applications. The exposure would allow a remote attacker to execute arbitrary code on the server.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVE ID: CVE-2014-0862

Description: An unspecified vulnerability in Jazz Team Server allows remote attackers to execute arbitrary code on the server. The potentially malicious code being executed could compromise the integrity, confidentiality and availability of the server.

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90895&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Rational Quality Manager 2.0 - 2.0.1 (All Editions)
Rational Quality Manager 4.0 - 4.0.5

Rational Team Concert 4.0 - 4.0.5

Rational Requirements Composer 2.0 - 2.0.0.4 (All Editions)
Rational Requirements Composer 3.0 - 3.0.1.6 iFix 1
Rational Requirements Composer 4.0 - 4.0.5

Remediation/Fixes

For the 4.x releases of Rational Quality Manager, Rational Team Concert, Rational Requirements Composer upgrade to CLM 4.0.6.

For the 3.x releases of Rational Requirements Composer upgrade to CLM 3.0.1.6 iFix 2

For the 2.x releases of Rational Quality Manager, Rational Team Concert, Rational Requirements Composer, contact IBM support for additional details on the fix.

Workarounds and Mitigations

If you are unable to upgrade, refer to the instructions in technote 1664698: How to block the Install URL from being accessed with CLM to remove this vulnerability.

Related

nessus 1
seebug 2
cvelist 1
cve 1
prion 1
nvd 1
ibm 2
mageia 1
openvas 1
nessus
nessus
IBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution
2014-03-11 00:00:00
seebug
seebug
IBM Rational Quality Manager Jazz Team Server未明远程代码执行漏洞
2014-03-03 00:00:00
IBM Collaborative Lifecycle Management Applications远程代码执行漏洞
2014-03-20 00:00:00
cvelist
cvelist
CVE-2014-0862
2014-03-02 02:00:00
cve
cve
CVE-2014-0862
2014-03-02 04:57:25
prion
prion
Code injection
2014-03-02 04:57:00
nvd
nvd
CVE-2014-0862
2014-03-02 04:57:25
ibm
ibm
Security Bulletin: Critical security vulnerability in Jazz Team Server affecting Rational Software Architect Design Manager and Rational Rhapsody Design Manager (CVE-2014-0862)
2018-06-17 04:53:45
Security Bulletin: Vulnerability in Rational Engineering Lifecycle Manager, Rational Software Architect Design Manager and Rhapsody Design Manager (CVE-2014-3037)
2018-06-17 04:56:50
mageia
mageia
Updated rabbitmq-server packages fix security vulnerabilities
2015-06-09 00:17:51
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0240)
2022-01-28 00:00:00

0.013 Low

EPSS

Percentile

86.2%

JSON
Related for FC5FE1CDB04D13DC4C03C374B0C5B38DA309A4E66904B60A7740D50D73762466
nessus1seebug2cvelist1cve1prion1nvd1ibm2mageia1openvas1