CVE-2016-2922Improper Certificate Validation in IBM Rational Clearquest

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUMNVD
CNA3.7
EPSS
0.1%
top 76.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearquest
Timeline
PublishedAug 13
Latest updateMay 13

Description

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/rational_clearquest8.0.0.08.0.0.21+3
CVEListV5ibm/rational_clearquest51 versions+50

🔴Vulnerability Details

2
GHSA
GHSA-jm2m-hh98-h83r: IBM Rational ClearQuest 82022-05-13
CVEList
CVE-2016-2922: IBM Rational ClearQuest 82018-08-13
CVE-2016-2922 — Improper Certificate Validation in IBM | cvebase