Rational Clearcase@8.0.0.10 Security Vulnerabilities and Issues — Rational Clearcase@8.0.0.10 CVE List

Lucene search

IbmRational Clearcase8.0.0.10

8 matches found

CVE•added 2014/09/23 9:55 p.m.•45 views

CVE-2014-3103

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an htt...

5CVSS6.4AI score0.00207EPSS

CVE•added 2014/09/23 8:55 p.m.•42 views

CVE-2014-3101

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

5CVSS6.6AI score0.00216EPSS

CVE•added 2014/09/23 9:55 p.m.•42 views

CVE-2014-3105

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account ...

5CVSS6.6AI score0.00207EPSS

CVE•added 2015/03/25 1:59 a.m.•41 views

CVE-2014-6134

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to th...

1.2CVSS5.8AI score0.00118EPSS

CVE•added 2014/09/23 9:55 p.m.•40 views

CVE-2014-3106

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

5CVSS6.9AI score0.00258EPSS

CVE•added 2014/09/23 8:55 p.m.•38 views

CVE-2014-3090

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5CVSS6.8AI score0.00885EPSS

CVE•added 2014/09/23 9:55 p.m.•37 views

CVE-2014-3104

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5CVSS6.8AI score0.00852EPSS

CVE•added 2015/04/06 12:59 a.m.•35 views

CVE-2014-6221

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecifi...

9.4CVSS6.2AI score0.00631EPSS