CVE-2014-3101Improper Authentication in IBM Rational Clearcase

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 55.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearcase
Timeline
PublishedSep 23
Latest updateMay 17

Description

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearcase44 versions+43

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-rxhx-g8q9-v24x: The login form in the Web component in IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2014-3101: The login form in the Web component in IBM Rational ClearQuest 72014-09-23
CVE-2014-3101 — Improper Authentication in IBM | cvebase