IBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by a remote code execution vulnerability.

Description :

The version of at least one IBM Rational Collaborative Lifecycle
Management component installed on the remote Windows host is 3.x prior
to 3.0.1.6 iFix2 or 4.x prior to 4.0.6. It is, therefore, potentially
affected by an unspecified remote code execution vulnerability in the
Jazz Team Server.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21664566

Solution :

Upgrade to IBM CLM 3.0.1.6 iFix2 / 4.0.6 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72929 ()

Bugtraq ID: 65900

CVE ID: CVE-2014-0862

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now