Denial of Service Flaw in IBM Rational ClearCase Software
CVE-2014-3090

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 23 September 2014

Summary

A vulnerability in IBM Rational ClearCase allows remote attackers to perform denial of service attacks by leveraging specially crafted XML documents filled with extensive nested entity references. This fault leads to excessive memory consumption, potentially crippling the application and disrupting services. Users of affected versions 7.1, 8.0.0, and 8.0.1 should consider upgrading to the latest patches to mitigate the risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94256

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/69964

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1030883

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 23, 2014
Vulnerability Reserved
Apr 29, 2014