CVE-2014-0931

Name of the Vulnerable Software and Affected Versions IBM Rational ClearCase versions 7.1.0.x through 7.1.2.13, 8.0.0 through 8.0.1.3

Description The issue allows remote attackers to cause a denial of service or access other servers via crafted XML data, exploiting multiple XML external entity (XXE) vulnerabilities in various components, including the CCRC WAN Server, Perl CC/CQ integration trigger scripts, CMAPI Java interface, ClearCase remote client, and CMI and OSLC-based ClearQuest integrations.

Recommendations For versions 7.1.0.x through 7.1.2.13, update to a version outside of the affected range to resolve the issue. For versions 8.0.0 through 8.0.0.10, update to a version outside of the affected range to resolve the issue. For versions 8.0.1 through 8.0.1.3, update to a version outside of the affected range to resolve the issue.