19 matches found
CVE-2014-3105
CVE-2014-3105 affects IBM Rational ClearQuest Web OSLC integration and enables credential enumeration via distinct login error messages. IBM’s advisory lists affected versions: 7.1.0.x/7.1.1.x (all), 7.1.2.x (up to 7.1.2.14), 8.0.0.x (up to 8.0.0.11), and 8.0.1.x (up to 8.0.1.4). The root cause i...
CVE-2011-1205
The CVE-2011-1205 entry concerns multiple buffer overflows in unspecified COM objects within IBM Rational licensing components used by Rational ClearCase 7.0.0.4–7.1.1.4, ClearQuest 7.0.0.4–7.1.1.4, and related products. The root cause is buffer overflows in COM objects that can be triggered by r...
CVE-2013-5373
This CVE affects IBM Rational ClearCase RemoteClient: the rcleartool script and its config file have world-writable permissions, enabling local users to insert commands and potentially escalate privileges. Affected versions are Rational ClearCase 8.0.0.3–8.0.0.7 and 8.0.1. If exploited, the attac...
CVE-2014-3104
CVE-2014-3104 technical details are not provided in the connected documents. The other entries reference similar memory‑exhaustion issues but do not specify affected products, vulnerable components, root cause, impact, or remediation for this CVE.
CVE-2014-3103
The CVE-2014-3103 entry applies to IBM Rational ClearQuest Web. Affected: ClearQuest Web sessions using SSL where the session cookie lacks the Secure attribute, enabling potential interception of cookies transmitted over HTTP. Affected versions include 7.1.x (up to 7.1.2.15), 8.0.x (up to 8.0.0.1...
CVE-2014-3090
Technical details about CVE-2014-3090 (IBM Rational ClearCase XML entity processing vulnerability) are not publicly provided in the supplied documents. Please monitor for updates from IBM or security advisories for affected versions and remediation guidance.
CVE-2014-3101
The CVE-2014-3101 issue affects IBM Rational ClearQuest Web login: the login form fails to insert a delay after failed attempts in affected releases (7.1.x prior to 7.1.2.15, 8.0.0.x prior to 8.0.0.12, and 8.0.1.x prior to 8.0.1.5). This omission enables brute-force attempts to gain access. The I...
CVE-2009-1292
CVE-2009-1292 affects IBM Rational ClearCase UCM-CQ on Linux/AIX (7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, 7.1.x before 7.1.0.1). The underlying issue is that a username and password are exposed on the command line, allowing local attackers to obtain credentials by listing processes. The a...
CVE-2009-4357
CVE-2009-4357 affects IBM Rational ClearQuest CQWeb (the web interface) prior to version 7.1.1. The root cause is improper handling of legacy URLs used for automatic login, which could allow remote attackers to discover user passwords through unspecified vectors. Affected component: CQWeb web int...
CVE-2014-0829
IBM Rational ClearCase contains buffer overflow vulnerabilities (CVE-2014-0829) affecting 7.x up to 7.1.2.13, 8.0.0.x up to 8.0.0.9, and 8.0.1.x up to 8.0.1.2. The flaw could allow remote code execution or privilege escalation on VOB/view servers or CCRC WAN servers when exploited by an authentic...
CVE-2014-6134
CVE-2014-6134 affects IBM Rational ClearCase 8.0.0 prior to 8.0.0.14 and 8.0.1 prior to 8.0.1.7. During installation, when using Installation Manager before 1.8.2, the installer retains server passwords in cleartext in process memory, enabling a local attacker with access to the installation acco...
CVE-2014-3106
IBM Rational ClearQuest is affected by CVE-2014-3106 where the Local Access Only ACL does not prevent unauthenticated remote access to the Help Server Administration, allowing attackers to bypass authentication and read files. Affected versions are 7.1.2–7.1.2.14, 8.0.0–8.0.0.11, and 8.0.1–8.0.1....
CVE-2014-6221
Summary of CVE-2014-6221 (GSKit random data generation) : The GSKit MSCAPI/MSCNG interface does not generate cryptographically random data, enabling potential confidentiality/integrity compromise. Affected products and contexts include IBM GSKit in Rational ClearCase (various 7.1.2.x, 8.0.0.x, 8....
CVE-2019-4059
IBM Rational ClearCase GIT connector version 1.0.0.0 exposes the document database password due to insufficient protection, allowing an attacker to obtain the password and gain unauthorized access to the document database. Root cause: inadequate protection of local credentials in the GIT connecto...
CVE-2013-5422
The vulnerability CVE-2013-5422 affects IBM Rational ClearQuest Web Client. Affects Web Client in Rational ClearQuest versions 7.1–7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, where, when a multi-database dataset is present, an attacker can disclose the names of databases they ar...
CVE-2013-5415
IBM Rational ClearCase is affected by CVE-2013-5415 due to undisclosed buffer overflow and privilege-escalation vulnerabilities exploitable by a local user to gain elevated privileges. Affected ranges include 7.1.1.x, 7.1.2 up to 7.1.2.12, 8.0.0.x up to 8.0.0.8, and 8.0.1.x up to 8.0.1.1. IBM’s r...
CVE-2015-5039
IBM Rational ClearCase Remote Client and Change Management Integrations are affected by CVE-2015-5039 due to improper hostname validation of X.509 SSL certificates. Affected products/versions: Rational ClearCase 7.1.x, 8.0.x prior to 8.0.0.18, and 8.0.1.x prior to 8.0.1.11. Root cause: hostname v...
CVE-2013-5416
IBM Rational ClearCase is affected by CVE-2013-5416 (privilege-escalation via local vectors). The IBM advisory cites buffer overflow / privilege-escalation issues in ClearCase and MultiSite across affected releases (7.1.1.x, 7.1.2–7.1.2.12, 8.0.0.x up to 8.0.0.8, and 8.0.1.x up to 8.0.1.1). Remed...
CVE-2014-0931
CVE-2014-0931 maps to multiple XXE vulnerabilities in IBM Rational ClearCase components: CCRC WAN Server/CM Server, Perl CC/CQ integration scripts, CMAPI Java interface, ClearCase remote client, and CMI/OSLC-based ClearQuest integrations. Affected product lines span IBM Rational ClearCase 7.0.x (...