CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5039
https://notcve.org/view.php?id=CVE-2015-5039
26 Mar 2018 — The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. El cliente remoto y las integraciones de gestión de cambio en las versiones 7.1.x y 8.0.0.x de IBM Rational ClearCase anteriores a la 8.0.0.1... • http://www-01.ibm.com/support/docview.wss?uid=swg21976566 • CWE-310: Cryptographic Issues •
CVSS: 9.4EPSS: 0%CPEs: 37EXPL: 0CVE-2014-6221
https://notcve.org/view.php?id=CVE-2014-6221
06 Apr 2015 — The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. La implementación de la interfaz MSCAPI/MSCNG en GSKit en IBM Rational ClearCase 7.1.2.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 no genera correctamente los númer... • http://www-01.ibm.com/support/docview.wss?uid=swg21698893 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2014-6134
https://notcve.org/view.php?id=CVE-2014-6134
25 Mar 2015 — IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. IBM Rational ClearCase 8.0.0 anterior a 8.0.0.14 y 8.0.1 anterior a 8.0.1.7, cuando se utiliza Installation Manager anterior a 1.8.2, retiene las contraseñas del servidor en texto plano en ... • http://www-01.ibm.com/support/docview.wss?uid=swg21688450 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •