CVE-2014-3105

CWE-200 — Information Exposure3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 56.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Clearcase

Timeline

PublishedSep 23

Latest updateMay 17

Description

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/rational_clearcase44 versions+43

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p9xp-4qhh-8rv8: The OSLC integration feature in the Web component in IBM Rational ClearQuest 7↗2022-05-17

▶

CVEList

CVE-2014-3105: The OSLC integration feature in the Web component in IBM Rational ClearQuest 7↗2014-09-23

▶