Security Bulletin: XML External Entity (XXE) vulnerabilities in ClearCase (CVE-2014-0931)

2018-07-10 08:34:12
www.ibm.com

EPSS: 0.002 (percentile 65.0%)

Summary

IBM Rational ClearCase is vulnerable to XML external entity attacks. These attacks could cause denial of service or be used to attack other servers accessible from a client or server.

Vulnerability Details


CVE ID: CVE-2014-0931

**Description:** IBM Rational ClearCase is vulnerable to XML external entity attacks. A malicious server could provoke a client to access other servers. A malicious client could cause denial of service on a server, or cause the server to access other servers.

The vulnerable components are:

  • CCRC WAN Server / CM Server
  • Perl CC/CQ integration trigger scripts (clients)
  • CMAPI Java interface (clients)
  • ClearCase remote client
  • CMI and OSLC-based ClearQuest integrations (clients)

CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92263> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
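The description above covers both directions of the flaw: a client that parses XML from a malicious server can be steered at other hosts, and a server that parses XML from a malicious client can be exhausted or turned into a relay. The common root is a parser that honours entity declarations, which in XML can only arrive through a DOCTYPE. The following added example (not IBM's code, and not how ClearCase itself is patched) shows the generic hardening a practitioner applies at any untrusted XML entry point: refuse documents that carry a DOCTYPE or ENTITY declaration and bound their size before parsing. The function names, the size limit and the sample messages are this example's own constructions.

```python
"""Hardened entry point for XML received from an untrusted peer."""
import re
import xml.etree.ElementTree as ET

MAX_XML_BYTES = 1 << 20  # 1 MiB cap against expansion/size DoS; tune per deployment

# Any DOCTYPE or ENTITY declaration is refused, case-insensitively.
_DTD_MARKER = re.compile(r"<!(?:DOCTYPE|ENTITY)", re.IGNORECASE)


class UnsafeXML(ValueError):
    """Raised for input that the hardened entry point refuses to parse."""


def _to_text(data: bytes) -> str:
    """Decode UTF-8 or BOM-marked UTF-16 so the marker scan sees real text."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted client or server, refusing DTDs outright."""
    if len(data) > MAX_XML_BYTES:
        raise UnsafeXML(f"document exceeds {MAX_XML_BYTES} bytes")
    if _DTD_MARKER.search(_to_text(data)):
        # Deliberately conservative: a DOCTYPE inside a comment is rejected
        # too, rather than trusting the downstream parser to ignore it.
        raise UnsafeXML("DOCTYPE/ENTITY declarations are not accepted")
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    """True if parse_untrusted_xml accepts the document, False if it refuses."""
    try:
        parse_untrusted_xml(data)
        return True
    except UnsafeXML:
        return False


# Constructed samples: a benign integration message, and one declaring an
# external entity that points at a placeholder host (the XXE shape).
BENIGN = b'<?xml version="1.0"?><change id="42"><title>fix</title></change>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE change [<!ENTITY ext SYSTEM "http://placeholder.invalid/">]>'
            b'<change>&ext;</change>')
```

The same rule belongs in front of every parser the bulletin lists (the Perl trigger scripts, the CMAPI Java client and the CCRC WAN server), since each one receives XML from the other side of the connection.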

Affected Products and Versions

| ClearCase version | Status |
|---|---|
| 8.0.1 through 8.0.1.3 | Affected |
| 8.0 through 8.0.0.10 | Affected |
| 7.1.2 through 7.1.2.13 | Affected |
| 7.1.0.x, 7.1.1.x (all versions and fix packs) | Affected |
| 7.0.x | Not affected |

Remediation/Fixes

The solution is to upgrade to a newer fix pack of ClearCase.

| Affected Versions | Applying the fix |
|---|---|
| 8.0.1.x | Install Rational ClearCase Fix Pack 4 (8.0.1.4) for 8.0.1 |
| 8.0.0.x | Install Rational ClearCase Fix Pack 11 (8.0.0.11) for 8.0 |
| 7.1.2.x | Install Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2 |
| 7.1.1.x, 7.1.0.x | Install Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2 |

  • Note: 7.1.2.14 inter-operates with all 7.1.1.x systems, and can be installed in the same way as 7.1.1.x fix packs.

Workarounds and Mitigations

Disable the Perl trigger-based ClearCase/ClearQuest integration until you apply the fixes to clients. Disable the CMI and OSLC-based ClearQuest integrations until you apply the fixes to clients.

Disable CCRC WAN server until you apply the fixes to servers.
