CVE-2014-0950: XEE
First published: Fri Apr 20 2018(Updated: )
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational ClearQuest | >=7.1.1<=7.1.1.9 | |
| IBM Rational ClearQuest | >=7.1.2<=7.1.2.13 | |
| IBM Rational ClearQuest | >=8.0.0<=8.0.0.10 | |
| IBM Rational ClearQuest | >=8.0.1<=8.0.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational clearquest
- version/ibm rational clearquest/7.1.1
- version/ibm rational clearquest/7.1.1.9
- version/ibm rational clearquest/7.1.2
- version/ibm rational clearquest/7.1.2.13
- version/ibm rational clearquest/8.0.0
- version/ibm rational clearquest/8.0.0.10
- version/ibm rational clearquest/8.0.1
- version/ibm rational clearquest/8.0.1.3