Show filters
13 Total Results
Displaying 1-10 of 13
Sort by:
Attacker Value
Unknown
CVE-2014-6221
Disclosure Date: April 06, 2015 (last updated October 05, 2023)
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
0
Attacker Value
Unknown
CVE-2014-3106
Disclosure Date: September 23, 2014 (last updated October 05, 2023)
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.
0
Attacker Value
Unknown
CVE-2014-3105
Disclosure Date: September 23, 2014 (last updated October 05, 2023)
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
0
Attacker Value
Unknown
CVE-2014-3103
Disclosure Date: September 23, 2014 (last updated October 05, 2023)
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
0
Attacker Value
Unknown
CVE-2014-3104
Disclosure Date: September 23, 2014 (last updated October 05, 2023)
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
0
Attacker Value
Unknown
CVE-2014-3101
Disclosure Date: September 23, 2014 (last updated October 05, 2023)
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
0
Attacker Value
Unknown
CVE-2014-3090
Disclosure Date: September 23, 2014 (last updated October 05, 2023)
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
0
Attacker Value
Unknown
CVE-2014-0829
Disclosure Date: March 21, 2014 (last updated October 05, 2023)
Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.
0
Attacker Value
Unknown
CVE-2013-5422
Disclosure Date: December 19, 2013 (last updated October 05, 2023)
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.
0
Attacker Value
Unknown
CVE-2013-5415
Disclosure Date: December 18, 2013 (last updated October 05, 2023)
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
0