CVE-2014-3104 — IBM Rational Clearcase vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

CNA6.5

EPSS

0.6%

top 31.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Clearcase

Timeline

PublishedSep 23

Latest updateMay 17

Description

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/rational_clearcase44 versions+43

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-w3qg-grm5-jw49: IBM Rational ClearQuest 7↗2022-05-17

▶

CVEList

CVE-2014-3104: IBM Rational ClearQuest 7↗2014-09-23

▶