CVE-2014-6221

CWE-3103 documents3 sources
Severity
9.4CRITICAL
EPSS
0.6%
top 29.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearcase
Timeline
PublishedApr 6
Latest updateMay 17

Description

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:NExploitability: 10.0 | Impact: 9.2

Affected Packages1 packages

NVDibm/rational_clearcase37 versions+36

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-q86j-485g-vc49: The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 72022-05-17
CVEList
CVE-2014-6221: The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 72015-04-06
CVE-2014-6221 (CRITICAL CVSS 9.4) | The MSCAPI/MSCNG interface implemen | cvebase.io