IBM Rational ClearCase is vulnerable to XML external entity attacks. These attacks could cause denial of service or be used to attack other servers accessible from a client or server.
CVE ID: CVE-2014-0931
**Description:** IBM Rational ClearCase is vulnerable to XML external entity attacks. A malicious server could provoke a client to access other servers. A malicious client could cause denial of service on a server, or cause the server to access other servers.
The vulnerable components are:
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92263> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

| ClearCase version | Status |
|---|---|
| 8.0.1 through 8.0.1.3 | Affected |
| 8.0 through 8.0.0.10 | Affected |
| 7.1.2 through 7.1.2.13 | Affected |
| 7.1.0.x, 7.1.1.x (all versions and fix packs) | Affected |
| 7.0.x | Not affected |

The solution is to upgrade to a newer fix pack of ClearCase.

| Affected Versions | Applying the fix |
|---|---|
| 8.0.1.x | Install Rational ClearCase Fix Pack 4 (8.0.1.4) for 8.0.1 |
| 8.0.0.x | Install Rational ClearCase Fix Pack 11 (8.0.0.11) for 8.0 |
| 7.1.2.x | Install Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2 |
| 7.1.1.x, 7.1.0.x | Install Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2 |

Disable the Perl trigger-based ClearCase/ClearQuest integration until you apply the fixes to clients. Disable the CMI and OSLC-based ClearQuest integrations until you apply the fixes to clients.
Disable the CCRC WAN server until you apply the fixes to servers.