OSLC Integration Feature Vulnerability in IBM Rational ClearQuest
CVE-2014-3105

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 23 September 2014

Summary

The OSLC integration feature in IBM Rational ClearQuest prior to specified versions exposes a critical vulnerability whereby attackers can exploit differing error messages for failed login attempts. This allows unauthorized remote access to enumerate valid account names, potentially leading to further attacks. Organizations using affected versions should implement immediate security measures to mitigate this risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682949

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/94312

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 23, 2014
Vulnerability Reserved
Apr 29, 2014