CVE-2014-6134
IBM Rational ClearCase 8.0.0-8.0.0.14 & 8.0.1-8.0.1.7 Sensitive Information Exposure via Password Retention
Title source: llmDescription
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21688450
Scores
EPSS
0.0033
EPSS Percentile
25.1%
Details
CWE
CWE-200
Status
published
Products (22)
ibm/installation_manager
< 1.8.1.0
ibm/rational_clearcase
8.0.0
ibm/rational_clearcase
8.0.0.1
ibm/rational_clearcase
8.0.0.2
ibm/rational_clearcase
8.0.0.3
ibm/rational_clearcase
8.0.0.4
ibm/rational_clearcase
8.0.0.5
ibm/rational_clearcase
8.0.0.6
ibm/rational_clearcase
8.0.0.7
ibm/rational_clearcase
8.0.0.8
... and 12 more
Published
Mar 25, 2015
Tracked Since
Feb 18, 2026