Skip to main content

Rational Clearcase

14 CVEs product

Monthly

CVE-2019-4059 CRITICAL PATCH Act Now

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass IBM Rational Clearcase
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2014-6221 CRITICAL PATCH Act Now

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Rational Clearcase
NVD
CVSS 2.0
9.4
EPSS
0.6%
CVE-2014-6134 LOW PATCH Monitor

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation. Rated low severity (CVSS 1.2). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Installation Manager Rational Clearcase
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2014-3106 MEDIUM PATCH This Month

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Rational Clearcase
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3105 MEDIUM PATCH This Month

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Clearcase
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3104 MEDIUM PATCH This Month

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Rational Clearcase
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3103 MEDIUM PATCH This Month

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Clearcase
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3101 MEDIUM PATCH This Month

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Rational Clearcase
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3090 MEDIUM PATCH This Month

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Rational Clearcase
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-0829 MEDIUM PATCH This Month

Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Buffer Overflow Rational Clearcase
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-5422 MEDIUM This Month

The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Clearcase
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5416 HIGH This Week

Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Rational Clearcase
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5415 HIGH This Week

Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Rational Clearcase
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5373 MEDIUM This Month

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation IBM Rational Clearcase
NVD
CVSS 2.0
6.9
EPSS
0.0%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass IBM Rational Clearcase
NVD
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Rational Clearcase
NVD
EPSS 0% CVSS 1.2
LOW PATCH Monitor

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation. Rated low severity (CVSS 1.2). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Installation Manager +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Rational Clearcase
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Clearcase
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Rational Clearcase
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Clearcase
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Rational Clearcase
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Rational Clearcase
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Buffer Overflow Rational Clearcase
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Clearcase
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Rational Clearcase
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Rational Clearcase
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation IBM Rational Clearcase
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy