CVE-2014-0931 - Vulnerability Details - OpenCVE

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Clearcase

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_clearcase::::::::
	cpe:2.3:a:ibm:rational_clearcase::::::::
	cpe:2.3:a:ibm:rational_clearcase::::::::
	cpe:2.3:a:ibm:rational_clearcase::::::::
	cpe:2.3:a:ibm:rational_clearcase::::::::

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21668868
https://exchange.xforce.ibmcloud.com/vulnerabilities/92263

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-04-20T21:00:00

Updated: 2024-08-06T09:34:40.349Z

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0931

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-20T21:29:00.457

Modified: 2024-11-21T02:03:03.810

Link: CVE-2014-0931

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-20T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-clearcase-cve20140931-xxe(92263)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0931", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-clearcase-cve20140931-xxe(92263)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:34:40.349Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-clearcase-cve20140931-xxe(92263)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0931", "datePublished": "2018-04-20T21:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:34:40.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "matchCriteriaId": "33D0745A-86D8-4077-B08D-E130155CE906", "versionEndIncluding": "7.1.0.2", "versionStartIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "matchCriteriaId": "110D8B47-39C6-4859-9473-3A00704E0DF2", "versionEndIncluding": "7.1.1.9", "versionStartIncluding": "7.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "matchCriteriaId": "588FC5AF-08A5-43C8-BEDC-B23D7666378F", "versionEndIncluding": "7.1.2.13", "versionStartIncluding": "7.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "matchCriteriaId": "190BFB10-0F26-4376-BF87-FDC650854466", "versionEndIncluding": "8.0.0.10", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E809EC3-3FE7-48E8-9CFE-B467288F3FEE", "versionEndIncluding": "8.0.1.3", "versionStartIncluding": "8.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XEE (XML External Entity) en (1) CCRC WAN Server / CM Server, (2) los scripts de desencadenamiento de integraci\u00f3n Perl CC/CQ, (3) la interfaz Java CMAPI, (4) el cliente remoto ClearCase y (5) los componentes de integraci\u00f3n basados en CMI y OSLC ClearQuest en IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92263."}], "id": "CVE-2014-0931", "lastModified": "2024-11-21T02:03:03.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-20T21:29:00.457", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}