PT-2018-4133 · Ibm · Ibm Rational Clearquest
Published
2018-04-20
·
Updated
2018-05-24
·
CVE-2014-0950
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
IBM Rational ClearQuest versions 7.1.1 through 7.1.1.9
IBM Rational ClearQuest versions 7.1.2 through 7.1.2.13
IBM Rational ClearQuest versions 8.0.0 through 8.0.0.10
IBM Rational ClearQuest versions 8.0.1 through 8.0.1.3
Description
The issue allows remote attackers to cause a denial of service or access other servers via crafted XML data, exploiting multiple XML external entity (XXE) vulnerabilities in various components, including CQWeb / CM Server, ClearQuest Native client, ClearQuest Eclipse client, and ClearQuest Eclipse Designer.
Recommendations
For IBM Rational ClearQuest versions 7.1.1 through 7.1.1.9, update to a version outside of this range to resolve the issue.
For IBM Rational ClearQuest versions 7.1.2 through 7.1.2.13, update to a version outside of this range to resolve the issue.
For IBM Rational ClearQuest versions 8.0.0 through 8.0.0.10, update to a version outside of this range to resolve the issue.
For IBM Rational ClearQuest versions 8.0.1 through 8.0.1.3, update to a version outside of this range to resolve the issue.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Clearquest