Local Information Disclosure in IBM Rational ClearCase
CVE-2014-6134

Currently unrated

Key Information:

Vendor: IBM
Status: Installation Manager
Vendor: CVE Published:; 25 March 2015

Summary

IBM Rational ClearCase versions 8.0.0 prior to 8.0.0.14 and 8.0.1 prior to 8.0.1.7, when used with the Installation Manager version prior to 1.8.2, are susceptible to a local information disclosure vulnerability. This flaw arises from the retention of cleartext server passwords in the process memory during the installation process. Local users with access to the installation account can exploit this weakness to retrieve sensitive information, potentially compromising the security of the system and its data. It is crucial for users of affected versions to apply the necessary updates to mitigate this risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21688450

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 25, 2015
Vulnerability Reserved
Sep 2, 2014