User Credentials Exposure in IBM Rational ClearCase on Linux and AIX
CVE-2009-1292

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 14 April 2009

Summary

The UCM-CQ component in IBM Rational ClearCase prior to specified versions on Linux and AIX inadvertently exposes user credentials through command-line arguments. This flaw allows local users to list running processes and potentially capture sensitive information, specifically usernames and passwords. Organizations are recommended to update to the latest versions to mitigate this risk.

References

http://www.securityfocus.com/bid/34483

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/34689

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 14, 2009
Vulnerability Reserved
Apr 14, 2009