VYPR

Rational Clearcase

by IBM

CVEs (20)

  • CVE-2014-0931CriApr 20, 2018
    risk 0.59cvss 9.1epss 0.03

    Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase…

  • CVE-2015-5039HigMar 26, 2018
    risk 0.48cvss 7.4epss 0.01

    The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain…

  • CVE-2008-5330Dec 5, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or…

  • CVE-2019-4059Feb 15, 2019
    risk 0.00cvss epss 0.02

    IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.

  • CVE-2014-6221Apr 6, 2015
    risk 0.00cvss epss 0.03

    The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2014-6134Mar 25, 2015
    risk 0.00cvss epss 0.00

    IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by…

  • CVE-2014-3106Sep 23, 2014
    risk 0.00cvss epss 0.02

    IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

  • CVE-2014-3105Sep 23, 2014
    risk 0.00cvss epss 0.02

    The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers…

  • CVE-2014-3104Sep 23, 2014
    risk 0.00cvss epss 0.02

    IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…

  • CVE-2014-3103Sep 23, 2014
    risk 0.00cvss epss 0.02

    The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its…

  • CVE-2014-3101Sep 23, 2014
    risk 0.00cvss epss 0.02

    The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2014-3090Sep 23, 2014
    risk 0.00cvss epss 0.02

    IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…

  • CVE-2014-0829Mar 21, 2014
    risk 0.00cvss epss 0.01

    Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.

  • CVE-2013-5422Dec 19, 2013
    risk 0.00cvss epss 0.01

    The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.

  • CVE-2013-5416Dec 18, 2013
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.

  • CVE-2013-5415Dec 18, 2013
    risk 0.00cvss epss 0.00

    Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.

  • CVE-2013-5373Sep 25, 2013
    risk 0.00cvss epss 0.00

    The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.

  • CVE-2011-1205Mar 29, 2011
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document…

  • CVE-2009-4357Dec 18, 2009
    risk 0.00cvss epss 0.01

    CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

  • CVE-2009-1292Apr 14, 2009
    risk 0.00cvss epss 0.00

    UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.