CVE-2014-3106

IBM Rational ClearQuest 7.1-8.0.1 - Unauthenticated Authentication Bypass via Help Server Administration Feature

Title source: llm
STIX 2.1

Description

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682950
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94313

Scores

EPSS 0.0185
EPSS Percentile 76.4%

Details

CWE
CWE-287
Status published
Products (44)
ibm/rational_clearcase 7.1
ibm/rational_clearcase 7.1.0.1
ibm/rational_clearcase 7.1.0.2
ibm/rational_clearcase 7.1.1
ibm/rational_clearcase 7.1.1.1
ibm/rational_clearcase 7.1.1.2
ibm/rational_clearcase 7.1.1.3
ibm/rational_clearcase 7.1.1.4
ibm/rational_clearcase 7.1.1.5
ibm/rational_clearcase 7.1.1.6
... and 34 more
Published Sep 23, 2014
Tracked Since Feb 18, 2026