CVE-2014-0950

Name of the Vulnerable Software and Affected Versions IBM Rational ClearQuest versions 7.1.1 through 7.1.1.9 IBM Rational ClearQuest versions 7.1.2 through 7.1.2.13 IBM Rational ClearQuest versions 8.0.0 through 8.0.0.10 IBM Rational ClearQuest versions 8.0.1 through 8.0.1.3

Description The issue allows remote attackers to cause a denial of service or access other servers via crafted XML data, exploiting multiple XML external entity (XXE) vulnerabilities in various components, including CQWeb / CM Server, ClearQuest Native client, ClearQuest Eclipse client, and ClearQuest Eclipse Designer.

Recommendations For IBM Rational ClearQuest versions 7.1.1 through 7.1.1.9, update to a version outside of this range to resolve the issue. For IBM Rational ClearQuest versions 7.1.2 through 7.1.2.13, update to a version outside of this range to resolve the issue. For IBM Rational ClearQuest versions 8.0.0 through 8.0.0.10, update to a version outside of this range to resolve the issue. For IBM Rational ClearQuest versions 8.0.1 through 8.0.1.3, update to a version outside of this range to resolve the issue.