Denial of Service Vulnerability in IBM Rational ClearQuest
CVE-2014-3104

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 23 September 2014

What is CVE-2014-3104?

IBM Rational ClearQuest versions prior to 7.1.2.15, 8.0.0.12, and 8.0.1.5 are susceptible to a denial of service attack. This vulnerability enables remote attackers to deplete system memory by sending a specially crafted XML document that contains numerous nested entity references. Such attacks can lead to significant system disruptions and affect overall service availability, reminiscent of the issues outlined in previous CVEs.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682942

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/94311

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2014
Vulnerability Reserved
Apr 29, 2014