IBM Rational ClearQuest is vulnerable to XML external entity attacks. These attacks could cause denial of service or be used to attack other servers accessible from a client or server.
CVE ID: CVE-2014-0950
**Description:** IBM Rational ClearQuest is vulnerable to XML external entity attacks. A malicious server could provoke a client to access other servers. A malicious client could cause denial of service on a server, or cause the server to access other servers.
The vulnerable components are:
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92623> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
IBM Rational ClearQuest versions 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3
ClearQuest version | Status |
---|---|
8.0.1 through 8.0.1.3 | Affected |
8.0 through 8.0.0.10 | Affected |
7.1.2 through 7.1.2.13 | Affected |
7.1.0.x, 7.1.1.x (all versions and fix packs) | Affected |
The solution is to upgrade to a newer fix pack of ClearQuest.
Affected Versions | **Apply the fix** |
---|---|
8.0.1.x | Rational ClearQuest Fix Pack 4 (8.0.1.4) for 8.0.1 |
8.0.0.x | Rational ClearQuest Fix Pack 11 (8.0.0.11) for 8.0 |
7.1.2.x | Rational ClearQuest Fix Pack 14 (7.1.2.14) for 7.1.2 |
7.1.1.x | |
7.1.0.x | Rational ClearQuest Fix Pack 14 (7.1.2.14) for 7.1.2 |
None