
CVE-2014-0931
https://notcve.org/view.php?id=CVE-2014-0931
20 Apr 2018 — Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263. • http://www-01.ibm.com/support/docview.wss?uid=swg21668868 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2015-5039
https://notcve.org/view.php?id=CVE-2015-5039
26 Mar 2018 — The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. • http://www-01.ibm.com/support/docview.wss?uid=swg21976566 • CWE-310: Cryptographic Issues

CVE-2014-3103
https://notcve.org/view.php?id=CVE-2014-3103
23 Sep 2014 — The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. • http://www-01.ibm.com/support/docview.wss?uid=swg21682947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-3104
https://notcve.org/view.php?id=CVE-2014-3104
23 Sep 2014 — IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. • http://www-01.ibm.com/support/docview.wss?uid=swg21682942 • CWE-399: Resource Management Errors

CVE-2014-3105
https://notcve.org/view.php?id=CVE-2014-3105
23 Sep 2014 — The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests. • http://www-01.ibm.com/support/docview.wss?uid=swg21682949 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-3106
https://notcve.org/view.php?id=CVE-2014-3106
23 Sep 2014 — IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. • http://www-01.ibm.com/support/docview.wss?uid=swg21682950 • CWE-287: Improper Authentication

CVE-2014-3090
https://notcve.org/view.php?id=CVE-2014-3090
23 Sep 2014 — IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. • http://www-01.ibm.com/support/docview.wss?uid=swg21677285

CVE-2014-3101
https://notcve.org/view.php?id=CVE-2014-3101
23 Sep 2014 — The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. • http://www-01.ibm.com/support/docview.wss?uid=swg21682946 • CWE-287: Improper Authentication

CVE-2014-0829
https://notcve.org/view.php?id=CVE-2014-0829
21 Mar 2014 — Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?&uid=swg21662086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-5422
https://notcve.org/view.php?id=CVE-2013-5422
19 Dec 2013 — The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor