CVE-2014-0950

7.1HIGH

Key Information:

Vendor
IBM
Status
Rational Clearquest
Vendor
CVE Published:
20 April 2018

Summary

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21675164
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/92623
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.