CVE-2015-5039

CWE-310 | 3 documents | 3 sources
Severity: 7.4 HIGH
EPSS: 0.1% (top 68.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 26
Latest update: May 14

Description

The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (1 package)

NVD: ibm/rational_clearcase 7.1, 7.1.2.16, +2

Vulnerability Details (2)

GHSA: GHSA-wr3c-hrxx-6gqh: The Remote Client and change management integrations in IBM Rational ClearCase 7 (2022-05-14)
CVEList: CVE-2015-5039: The Remote Client and change management integrations in IBM Rational ClearCase 7 (2018-03-26)
CVE-2015-5039 (HIGH CVSS 7.4) | The Remote Client and change manage | cvebase.io