XML External Entity Vulnerability in IBM Rational ClearCase
CVE-2014-0931

9.1CRITICAL

Key Information:

Vendor
IBM
Vendor
CVE Published:
20 April 2018

Summary

Multiple XML External Entity (XXE) vulnerabilities exist in IBM Rational ClearCase, affecting various components including the CCRC WAN Server and integration scripts. These flaws allow remote attackers to exploit crafted XML data, potentially leading to denial of service and unauthorized access to other servers. Systems using versions 7.1.x and 8.0.x of Rational ClearCase are particularly at risk if left unpatched.

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.