CVE-2015-5039

7.4HIGH

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 26 March 2018

Summary

The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21976566

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/106715

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2018
Vulnerability Reserved
Jun 24, 2015