CVE-2014-3106

CWE-287Improper Authentication4 documents4 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 50.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearcase
Timeline
PublishedSep 23
Latest updateMay 17

Description

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearcase44 versions+43

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-79gj-6h44-rvgj: IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2014-3106: IBM Rational ClearQuest 72014-09-23

💬Community

1
Bugzilla
CVE-2014-2576 claws-mail: RSSyl plug-in does not verify SSL certificates allowing man-in-the-middle attacks2014-03-27