CVE-2016-2922

LOW

IBM Rational ClearQuest 8.0.0.0-8.0.0.21 - Improper Certificate Validation

Title source: llm
STIX 2.1

Description

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10718377
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/113353

Scores

CVSS v3 3.7
EPSS 0.0067
EPSS Percentile 47.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-295
Status published
Products (1)
ibm/rational_clearquest 8.0.0.0 - 8.0.0.21
Published Aug 13, 2018
Tracked Since Feb 18, 2026