Rational Clearcase Security Vulnerabilities and Issues — Rational Clearcase CVE List

Lucene search

IbmRational Clearcase

7 matches found

CVE•added 2014/09/23 9:55 p.m.•45 views

CVE-2014-3103

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an htt...

5CVSS6.4AI score0.00207EPSS

CVE•added 2014/09/23 8:55 p.m.•42 views

CVE-2014-3101

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

5CVSS6.6AI score0.00216EPSS

CVE•added 2014/09/23 9:55 p.m.•42 views

CVE-2014-3105

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account ...

5CVSS6.6AI score0.00207EPSS

CVE•added 2009/12/18 7:30 p.m.•40 views

CVE-2009-4357

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

5CVSS6.4AI score0.00337EPSS

CVE•added 2014/09/23 9:55 p.m.•40 views

CVE-2014-3106

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

5CVSS6.9AI score0.00258EPSS

CVE•added 2014/09/23 8:55 p.m.•38 views

CVE-2014-3090

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5CVSS6.8AI score0.00885EPSS

CVE•added 2014/09/23 9:55 p.m.•37 views

CVE-2014-3104

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5CVSS6.8AI score0.00852EPSS