CVE-2014-3090

4 documents4 sources
Severity
5.0MEDIUM
EPSS
0.9%
top 24.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearcase
Timeline
PublishedSep 23
Latest updateMay 17

Description

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearcase45 versions+44

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

3
GHSA
GHSA-g6x3-992w-85wr: IBM Rational ClearCase 72022-05-17
OSV
Pillow regression2016-09-30
CVEList
CVE-2014-3090: IBM Rational ClearCase 72014-09-23
CVE-2014-3090 (MEDIUM CVSS 5) | IBM Rational ClearCase 7.1 before 7 | cvebase.io