CVE-2014-3103

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 56.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearcase
Timeline
PublishedSep 23
Latest updateMay 17

Description

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearcase44 versions+43

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-6v82-rqfh-g76c: The Web component in IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2014-3103: The Web component in IBM Rational ClearQuest 72014-09-23
CVE-2014-3103 (MEDIUM CVSS 5) | The Web component in IBM Rational C | cvebase.io