CVE-2014-3092 — Sensitive Information Exposure in IBM Rational Doors Next Generation

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 54.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager IBM Rational Quality Manager +4 more

Timeline

PublishedSep 12

Latest updateMay 17

Description

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages7 packages

▶NVDibm/rational_quality_manager23 versions+22

▶NVDibm/rational_engineering_lifecycle_manager7 versions+6

▶NVDibm/rational_team_concert21 versions+20

▶NVDibm/rational_rhapsody_design_manager11 versions+10

▶NVDibm/rational_software_architect_design_manager12 versions+11

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3f45-qgc4-vqqg: IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3↗2022-05-17

▶

CVEList

CVE-2014-3092: IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3↗2014-09-12

▶