CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0931

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile0.51th
PublishedApr 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.

Affected Platforms (CPE)

πŸ“¦
Ibm

Rational Clearcase

>= 7.1 and <= 7.1.0.2
πŸ“¦
Ibm

Rational Clearcase

>= 7.1.1 and <= 7.1.1.9
πŸ“¦
Ibm

Rational Clearcase

>= 7.1.2 and <= 7.1.2.13
πŸ“¦
Ibm

Rational Clearcase

>= 8.0 and <= 8.0.0.10
πŸ“¦
Ibm

Rational Clearcase

>= 8.0.1 and <= 8.0.1.3

References & Advisories

πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21668868
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/92263
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21668868
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/92263

Related Vulnerabilities

CVE-2019-40599.8

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtai...

CVE-2014-62219.4

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and...

CVE-2015-50397.4

The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before ...

CVE-2013-54167.2

Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows lo...