CVE-2014-6134

IBM Rational ClearCase 8.0.0-8.0.0.14 & 8.0.1-8.0.1.7 Sensitive Information Exposure via Password Retention

Title source: llm
STIX 2.1

Description

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21688450

Scores

EPSS 0.0033
EPSS Percentile 25.1%

Details

CWE
CWE-200
Status published
Products (22)
ibm/installation_manager < 1.8.1.0
ibm/rational_clearcase 8.0.0
ibm/rational_clearcase 8.0.0.1
ibm/rational_clearcase 8.0.0.2
ibm/rational_clearcase 8.0.0.3
ibm/rational_clearcase 8.0.0.4
ibm/rational_clearcase 8.0.0.5
ibm/rational_clearcase 8.0.0.6
ibm/rational_clearcase 8.0.0.7
ibm/rational_clearcase 8.0.0.8
... and 12 more
Published Mar 25, 2015
Tracked Since Feb 18, 2026