Auth bypass in Ibm Rational_clearcase

CVE-2014-3106

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via…

Vulnerability class: Broken Authentication

EPSS: 0.003 (49.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearcase — versions 7.1, 7.1.0.1, 7.1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
ibm-clearquest-cve20143106-local(94313) (vdb-entry, x_refsource_XF)