CVE-2014-3105

Currently unrated

Key Information:

Vendor
IBM
Status
Rational Clearcase
Vendor
CVE Published:
23 September 2014

Summary

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682949
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/94312
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.