Information disclosure in Ibm Rational_clearcase

CVE-2014-3103

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to captur…

Vulnerability class: Information Disclosure

EPSS: 0.002 (43.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearcase — versions 7.1, 7.1.0.1, 7.1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
ibm-clearquest-cve20143103-secureflag(94270) (vdb-entry, x_refsource_XF)