| |
Vulnerability CVE-2014-3106
Published: 2014-09-23 Modified: 2014-09-24
| Description: |
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. |
Type:
CWE-287 (Improper Authentication)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www-01.ibm.com/support/docview.wss?uid=swg21682950
http://xforce.iss.net/xforce/xfdb/94313
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
