IBM Rational ClearQuest 7.1.x < 126.96.36.199 / 8.0.0.x < 188.8.131.52 / 8.0.1.x < 184.108.40.206 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 81783
SynopsisThe remote host has software installed that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of IBM Rational ClearQuest 7.1.x prior to 220.127.116.11 / 8.0.0.x prior to 18.104.22.168 / 8.0.1.x prior to 22.214.171.124 installed. It is, therefore, potentially affected by multiple vulnerabilities :
- A security bypass vulnerability exists due to an error in the login form which allows a remote attacker to perform brute-force attacks. (CVE-2014-3101)
- A security bypass vulnerability exists due to the lack of the secure flag for the session cookie during an SSL session. (CVE-2014-3103)
- A denial of service vulnerability exists due to improper parsing of recursion during entity expansion of XML documents. (CVE-2014-3104)
- A user enumeration vulnerability exists in the Open Services for Lifecycle Collaboration (OSLC) due to different error messages being displayed when a user submits valid and invalid credentials. (CVE-2014-3105)
- A security bypass vulnerability exists due to improper enforcement of the 'Local Access Only' ACL related to the Help Server Administrator system. (CVE-2014-3106)
SolutionUpgrade to IBM Rational ClearQuest 126.96.36.199 / 188.8.131.52 / 184.108.40.206 or later.