Remote Client Vulnerability in IBM Rational ClearCase
CVE-2015-5039

7.4HIGH

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 26 March 2018

Summary

A vulnerability exists in the Remote Client and change management integrations of IBM Rational ClearCase where improper validation of hostnames in X.509 certificates from SSL servers can be exploited. This could enable remote attackers to spoof SSL servers, potentially allowing them to obtain sensitive information or modify network traffic using specially crafted certificates. This issue affects various versions of IBM Rational ClearCase, posing a significant risk to user data and network integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21976566

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/106715

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2018
Vulnerability Reserved
Jun 24, 2015