XML External Entity Vulnerability in IBM Rational ClearCase
CVE-2014-0931
9.1CRITICAL
Summary
Multiple XML External Entity (XXE) vulnerabilities exist in IBM Rational ClearCase, affecting various components including the CCRC WAN Server and integration scripts. These flaws allow remote attackers to exploit crafted XML data, potentially leading to denial of service and unauthorized access to other servers. Systems using versions 7.1.x and 8.0.x of Rational ClearCase are particularly at risk if left unpatched.
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved