XML External Entity Vulnerability in IBM Rational ClearCase
CVE-2014-0931

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 20 April 2018

What is CVE-2014-0931?

Multiple XML External Entity (XXE) vulnerabilities exist in IBM Rational ClearCase, affecting various components including the CCRC WAN Server and integration scripts. These flaws allow remote attackers to exploit crafted XML data, potentially leading to denial of service and unauthorized access to other servers. Systems using versions 7.1.x and 8.0.x of Rational ClearCase are particularly at risk if left unpatched.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/92263

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21668868

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2018
Vulnerability Reserved
Jan 6, 2014