19 matches found
EUVD-2014-3126
Malware in sbrugna...
EUVD-2012-4764
Malware in sbrugna...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified...
IBM Rational ClearQuest Man-in-the-Middle Attack Vulnerability
IBM Rational ClearQuest is a suite of Application Lifecycle Management (ALM) software from IBM, USA. The software provides defect tracking, process customization, and real-time reporting for applications to improve visibility and control of the development cycle. A man-in-the-middle attack...
CVE-2016-2922
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM...
Security Bulletin: Vulnerabilities in ClearCase GSKit Component (CVE-2013-6747)
Summary A certificate chain presented by a Client or Server could contain a circular reference that will cause the chain building logic to loop which can lead to a program crash or hang due to memory exhaustion.
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearCase (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Rational ClearCase. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...
Security Bulletin: Login Error Messages Credential Enumeration in ClearQuest Web (CVE-2014-3105)
Summary IBM Rational ClearQuest Web for OSLC integration is vulnerable to Login Error Messages Credential Enumeration.
Security Bulletin: ClearQuest Phishing Through Frames Vulnerability (CVE-2012-4839)
Summary Security Scanning indicated a vulnerability to a Phishing Through Frames attack in the OSLC system in IBM Rational ClearQuest.
Security Bulletin: IBM Rational ClearCase update for security vulnerabilities in OpenSSL component
Summary IBM Rational ClearCase uses the OpenSSL component for establishing SSL connections. ClearCase now ships an updated version of OpenSSL on Unix and Linux platforms, and uses a new component called IBM GSKit on Windows which also mitigates against the OpenSSL vulnerabilities. Vulnerability...
CVE-2014-3105
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate accoun...
Design/Logic Flaw
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate accoun...
CVE-2014-3105
CVE-2014-3105 affects IBM Rational ClearQuest Web OSLC integration and enables credential enumeration via distinct login error messages. IBM’s advisory lists affected versions: 7.1.0.x/7.1.1.x (all), 7.1.2.x (up to 7.1.2.14), 8.0.0.x (up to 8.0.0.11), and 8.0.1.x (up to 8.0.1.4). The root cause i...
CVE-2014-3105
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate accoun...
IBM Rational ClearQuest 7.1.x < 7.1.2.9 / 8.0.0.x < 8.0.0.5 Multiple Vulnerabilities (credentialed check)
The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.9 / 8.0.0.x prior to 8.0.0.5 installed. It is, therefore, affected by the following vulnerabilities: - An unspecified input validation error exists related to the Open Services for Lifecycle Collaboration (OSLC) system...
CVE-2012-4839
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element...
Design/Logic Flaw
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element...
CVE-2012-4839
The OSLC interface in IBM Rational ClearQuest Web (CQ Web) is affected by CVE-2012-4839. Affected: ClearQuest Web server 7.1.2.0–7.1.2.8 and 8.0.0.0–8.0.0.4. Root cause: OSLC dialog/frame handling allows phishing attacks via a FRAME element. CVSS base score 4.3 (MEDIUM). Remediation: upgrade to 7...
CVE-2012-4839
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element...