CVSS: 9.8EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3101
https://notcve.org/view.php?id=CVE-2014-3101
23 Sep 2014 — The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. El formulario de inicio de sesión en el componente web en IBM Rational ClearQuest 7.1 anterior a 7.1.2.15, 8.0.0 anterior a 8.0.0.12, y 8.0.1 anterior a 8.0.1.5 no introduce un retraso después de un intento de autenticación fallido... • http://www-01.ibm.com/support/docview.wss?uid=swg21682946 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0829
https://notcve.org/view.php?id=CVE-2014-0829
21 Mar 2014 — Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors. Múltiples desbordamientos de buffer en IBM Rational ClearCase 7.x anterior a 7.1.2.13, 8.0.0.x anterior a 8.0.0.10 y 8.0.1.x anterior a 8.0.1.3 permiten a usuarios remotos autenticados obtener acceso privilegiado a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21662086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-5422
https://notcve.org/view.php?id=CVE-2013-5422
19 Dec 2013 — The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors. El Web Client de IBM Rational ClearQuest 7.1 hasta 7.1.2.12, 8.0.0.x anteriores a 8.0.0.9, y 8.0.1.x anteriores a 8.0.1.2, cuando existe un dataset multi-database permite a atacantes remotos leer los nombres de base de datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2013-5415
https://notcve.org/view.php?id=CVE-2013-5415
18 Dec 2013 — Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. Desbordamiento de buffer en IBM Rational ClearCase hasta 7.1.2.12, 8.0.0.x anteriores a 8.0.0.9 y 8.0.1.x anteriores a 8.0.1.2 permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21657982 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2013-5416
https://notcve.org/view.php?id=CVE-2013-5416
18 Dec 2013 — Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en IBM Rational ClearCase hasta 7.1.2.12, 8.0.0.x anteriores a 8.0.0.3 y 8.0.1.x anteriores a 8.0.1.2 permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21657982 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5373
https://notcve.org/view.php?id=CVE-2013-5373
25 Sep 2013 — The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands. El componente RemoteClient en IBM Rational ClearCase 8.0.0.03 hasta la versión 8.0.0.07, y 8.0.1, utiliza permisos de escritura para el script rcleartool, lo que permite a usuarios locales obtener privilegios añadiendo comandos. • http://www-01.ibm.com/support/docview.wss?uid=swg21648811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2011-1205
https://notcve.org/view.php?id=CVE-2011-1205
29 Mar 2011 — Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. Múltiples desbordamientos de búfer en objetos COM no especificados de Rational Common Licensing v7.0 hasta v7.1.1.4 en IBM Rational ClearCase v7.0.0.4 hasta v7.1.1.4, ClearQuest v7.0.0.4 hasta v7.1.1.4 y otros... • http://www.ibm.com/support/docview.wss?uid=swg21470998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2009-4357
https://notcve.org/view.php?id=CVE-2009-4357
18 Dec 2009 — CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. La interfaz web (también conocida como CQWeb) de IBM Rational ClearQuest antes de v7.1.1 no gestiona adecuadamente el uso de URLs antiguas de conexión automática, lo que podría permitir descubrir las contraseñas de cuentas de usuario los atacantes remotos mediante vectores no esp... • http://secunia.com/advisories/37811 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-1292
https://notcve.org/view.php?id=CVE-2009-1292
14 Apr 2009 — UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. UCM-CQ en IBM Rational ClearCase 7.0.0.x versiones anteriores a v7.0.0.5, 7.0.1.x versiones anteriores a v7.0.1.4, y 7.1.x versiones anteriores a v7.1.0.1 en Linux y AIX sitúa un nombre de usuario y una contraseña en la línea de comandos, lo cual permite a usuarios ... • http://secunia.com/advisories/34689 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •