XML External Entity Vulnerabilities in IBM Rational ClearQuest
CVE-2014-0950

7.1HIGH

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 20 April 2018

What is CVE-2014-0950?

Multiple vulnerabilities related to XML external entities exist in IBM Rational ClearQuest components, which allow attackers to send specially crafted XML data. This can lead to a denial of service or unauthorized access to other servers. Affected versions span several releases of Rational ClearQuest, emphasizing the importance of applying security measures to mitigate potential exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21675164

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/92623

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2018
Vulnerability Reserved
Jan 6, 2014