CVE-2015-5039

Published: Mar 26, 2018Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.

Affected (3)

Products: Ibm: Rational Clearcase

1 product

Rational Clearcase

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Clearcase	After 8.0 to 8.0.0.17
Ibm Rational Clearcase	From 7.1 to 7.1.2.16
Ibm Rational Clearcase	From 8.0.1 to 8.0.1.10

Related CWEs

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21976566

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/106715

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21976566

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/106715

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.