CVE-2014-3101

IBM Rational Clearcase - Authentication Bypass

Title source: rule

Description

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

References (3)

Scores

EPSS 0.0022
EPSS Percentile 43.9%

Classification

CWE
CWE-287
Status draft

Affected Products (44)

ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
ibm/rational_clearcase
... and 29 more

Timeline

Published Sep 23, 2014
Tracked Since Feb 18, 2026