Rational Clearcase

rational_clearcase

Vendor: Ibm • 19 CVEs

CVEs (19)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-4059 1Ibm 1Rational Clearcase Nov 21, 2024 Feb 15, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 1565...Show more IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.Show less
CVE-2014-0931 1Ibm 1Rational Clearcase Nov 21, 2024 Apr 20, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based Cle...Show more Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.Show less
CVE-2015-5039 1Ibm 1Rational Clearcase Nov 21, 2024 Mar 26, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which...Show more The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.Show less
CVE-2014-6221 1Ibm 1Rational Clearcase May 6, 2026 Apr 6, 2015 N/A· v4 N/A· v3 9.4 HIGH· v2 The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier f...Show more The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.Show less
CVE-2014-6134 1Ibm 2Installation Manager Rational Clearcase May 6, 2026 Mar 25, 2015 N/A· v4 N/A· v3 1.2 LOW· v2 IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which mig...Show more IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.Show less
CVE-2014-3106 1Ibm 1Rational Clearcase May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication...Show more IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.Show less
CVE-2014-3105 1Ibm 1Rational Clearcase May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on w...Show more The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.Show less
CVE-2014-3104 1Ibm 1Rational Clearcase May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number...Show more IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.Show less
CVE-2014-3103 1Ibm 1Rational Clearcase May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote...Show more The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.Show less
CVE-2014-3101 1Ibm 1Rational Clearcase May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for...Show more The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.Show less
CVE-2014-3090 1Ibm 1Rational Clearcase May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number o...Show more IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.Show less
CVE-2014-0829 1Ibm 1Rational Clearcase May 6, 2026 Mar 21, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.
CVE-2013-5422 1Ibm 1Rational Clearcase Apr 29, 2026 Dec 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vec...Show more The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.Show less
CVE-2013-5416 1Ibm 1Rational Clearcase Apr 29, 2026 Dec 18, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
CVE-2013-5415 1Ibm 1Rational Clearcase Apr 29, 2026 Dec 18, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
CVE-2013-5373 1Ibm 1Rational Clearcase Apr 29, 2026 Sep 25, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.
CVE-2011-1205 1Ibm 3Rational Clearcase Rational ClearquestRational Common Licensing Apr 29, 2026 Mar 29, 2011 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local...Show more Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.Show less
CVE-2009-4357 1Ibm 2Rational Clearcase Rational Clearquest Apr 23, 2026 Dec 18, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecifi...Show more CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.Show less
CVE-2009-1292 1Ibm 1Rational Clearcase Apr 23, 2026 Apr 14, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credential...Show more UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.Show less