CVE-2017-1701Inadequate Encryption Strength in IBM Rational Team Concert

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 78.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Rational Collaborative Lifecycle ManagementIBM Rational Team Concert
Timeline
PublishedApr 23
Latest updateMay 14

Description

IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDibm/rational_team_concert5.05.0.2+1
CVEListV5ibm/rational_team_concert9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-rg22-25wr-x484: IBM Team Concert (RTC) 52022-05-14
CVEList
CVE-2017-1701: IBM Team Concert (RTC) 52018-04-23
CVE-2017-1701 — Inadequate Encryption Strength in IBM | cvebase