CVE-2014-3092: Infoleak
First published: Fri Sep 12 2014(Updated: )
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational DOORS Next Generation | =4.0.0 | |
| IBM Rational DOORS Next Generation | =4.0.1 | |
| IBM Rational DOORS Next Generation | =4.0.2 | |
| IBM Rational DOORS Next Generation | =4.0.3 | |
| IBM Rational DOORS Next Generation | =4.0.4 | |
| IBM Rational DOORS Next Generation | =4.0.5 | |
| IBM Rational DOORS Next Generation | =4.0.6 | |
| IBM Rational DOORS Next Generation | =5.0 | |
| IBM Engineering Lifecycle Manager | =1.0 | |
| IBM Engineering Lifecycle Manager | =1.0.0.1 | |
| IBM Engineering Lifecycle Manager | =4.03 | |
| IBM Engineering Lifecycle Manager | =4.04 | |
| IBM Engineering Lifecycle Manager | =4.05 | |
| IBM Engineering Lifecycle Manager | =4.06 | |
| IBM Engineering Lifecycle Manager | =5.0 | |
| IBM Rational Quality Manager | =2.0 | |
| IBM Rational Quality Manager | =2.0.0.1 | |
| IBM Rational Quality Manager | =2.0.0.2 | |
| IBM Rational Quality Manager | =2.0.1 | |
| IBM Rational Quality Manager | =2.0.1.1 | |
| IBM Rational Quality Manager | =3.0 | |
| IBM Rational Quality Manager | =3.0.1 | |
| IBM Rational Quality Manager | =3.0.1.1 | |
| IBM Rational Quality Manager | =3.0.1.2 | |
| IBM Rational Quality Manager | =3.0.1.3 | |
| IBM Rational Quality Manager | =3.0.1.4 | |
| IBM Rational Quality Manager | =3.0.1.5 | |
| IBM Rational Quality Manager | =3.0.1.6 | |
| IBM Rational Quality Manager | =4.0 | |
| IBM Rational Quality Manager | =4.0.0.1 | |
| IBM Rational Quality Manager | =4.0.0.2 | |
| IBM Rational Quality Manager | =4.0.1 | |
| IBM Rational Quality Manager | =4.0.2 | |
| IBM Rational Quality Manager | =4.0.3 | |
| IBM Rational Quality Manager | =4.0.4 | |
| IBM Rational Quality Manager | =4.0.5 | |
| IBM Rational Quality Manager | =4.0.6 | |
| IBM Rational Quality Manager | =5.0 | |
| IBM Rational Requirements Composer | =2.0 | |
| IBM Rational Requirements Composer | =2.0.0.1 | |
| IBM Rational Requirements Composer | =2.0.0.2 | |
| IBM Rational Requirements Composer | =2.0.0.3 | |
| IBM Rational Requirements Composer | =2.0.0.4 | |
| IBM Rational Requirements Composer | =3.0 | |
| IBM Rational Requirements Composer | =3.0.1 | |
| IBM Rational Requirements Composer | =3.0.1.1 | |
| IBM Rational Requirements Composer | =3.0.1.2 | |
| IBM Rational Requirements Composer | =3.0.1.3 | |
| IBM Rational Requirements Composer | =3.0.1.4 | |
| IBM Rational Requirements Composer | =3.0.1.5 | |
| IBM Rational Requirements Composer | =3.0.1.6 | |
| IBM Rational Requirements Composer | =4.0 | |
| IBM Rational Requirements Composer | =4.0.0 | |
| IBM Rational Requirements Composer | =4.0.0.1 | |
| IBM Rational Requirements Composer | =4.0.0.2 | |
| IBM Rational Requirements Composer | =4.0.1 | |
| IBM Rational Requirements Composer | =4.0.2 | |
| IBM Rational Requirements Composer | =4.0.3 | |
| IBM Rational Requirements Composer | =4.0.4 | |
| IBM Rational Requirements Composer | =4.0.5 | |
| IBM Rational Requirements Composer | =4.0.6 | |
| IBM Rhapsody Design Manager | =3.0 | |
| IBM Rhapsody Design Manager | =3.0.0.1 | |
| IBM Rhapsody Design Manager | =3.0.1 | |
| IBM Rhapsody Design Manager | =4.0 | |
| IBM Rhapsody Design Manager | =4.0.1 | |
| IBM Rhapsody Design Manager | =4.0.2 | |
| IBM Rhapsody Design Manager | =4.0.3 | |
| IBM Rhapsody Design Manager | =4.0.4 | |
| IBM Rhapsody Design Manager | =4.0.5 | |
| IBM Rhapsody Design Manager | =4.0.6 | |
| IBM Rhapsody Design Manager | =5.0 | |
| IBM Rational Software Architect Design Manager | =3.0 | |
| IBM Rational Software Architect Design Manager | =3.0.0 | |
| IBM Rational Software Architect Design Manager | =3.0.0.1 | |
| IBM Rational Software Architect Design Manager | =3.0.1 | |
| IBM Rational Software Architect Design Manager | =4.0.0 | |
| IBM Rational Software Architect Design Manager | =4.0.1 | |
| IBM Rational Software Architect Design Manager | =4.0.2 | |
| IBM Rational Software Architect Design Manager | =4.0.3 | |
| IBM Rational Software Architect Design Manager | =4.0.4 | |
| IBM Rational Software Architect Design Manager | =4.0.5 | |
| IBM Rational Software Architect Design Manager | =4.0.6 | |
| IBM Rational Software Architect Design Manager | =5.0 | |
| IBM Rational Team Concert | =2.0 | |
| IBM Rational Team Concert | =2.0.0.1 | |
| IBM Rational Team Concert | =2.0.0.2 | |
| IBM Rational Team Concert | =3.0 | |
| IBM Rational Team Concert | =3.0.1 | |
| IBM Rational Team Concert | =3.0.1.1 | |
| IBM Rational Team Concert | =3.0.1.2 | |
| IBM Rational Team Concert | =3.0.1.3 | |
| IBM Rational Team Concert | =3.0.1.4 | |
| IBM Rational Team Concert | =3.0.1.5 | |
| IBM Rational Team Concert | =3.0.1.6 | |
| IBM Rational Team Concert | =4.0 | |
| IBM Rational Team Concert | =4.0.0.1 | |
| IBM Rational Team Concert | =4.0.0.2 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3092?
CVE-2014-3092 has a moderate severity level due to the risk of session hijacking through unprotected session cookies.
How do I fix CVE-2014-3092?
To fix CVE-2014-3092, ensure that the secure flag is set for session cookies in your configuration.
What versions are affected by CVE-2014-3092?
CVE-2014-3092 affects multiple versions of IBM Jazz Team Server, IBM Rational Quality Manager, and other Rational products prior to the specified updates.
What are the potential impacts of CVE-2014-3092?
The potential impacts of CVE-2014-3092 include unauthorized access and data exposure due to session hijacking.
Is CVE-2014-3092 under active exploitation?
As of now, there are no specific reports of active exploitation for CVE-2014-3092, but its vulnerability should be treated seriously.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/4.0.0
- version/ibm rational doors next generation/4.0.1
- version/ibm rational doors next generation/4.0.2
- version/ibm rational doors next generation/4.0.3
- version/ibm rational doors next generation/4.0.4
- version/ibm rational doors next generation/4.0.5
- version/ibm rational doors next generation/4.0.6
- version/ibm rational doors next generation/5.0
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/1.0
- version/ibm engineering lifecycle manager/1.0.0.1
- version/ibm engineering lifecycle manager/4.03
- version/ibm engineering lifecycle manager/4.04
- version/ibm engineering lifecycle manager/4.05
- version/ibm engineering lifecycle manager/4.06
- version/ibm engineering lifecycle manager/5.0
- canonical/ibm rational quality manager
- version/ibm rational quality manager/2.0
- version/ibm rational quality manager/2.0.0.1
- version/ibm rational quality manager/2.0.0.2
- version/ibm rational quality manager/2.0.1
- version/ibm rational quality manager/2.0.1.1
- version/ibm rational quality manager/3.0
- version/ibm rational quality manager/3.0.1
- version/ibm rational quality manager/3.0.1.1
- version/ibm rational quality manager/3.0.1.2
- version/ibm rational quality manager/3.0.1.3
- version/ibm rational quality manager/3.0.1.4
- version/ibm rational quality manager/3.0.1.5
- version/ibm rational quality manager/3.0.1.6
- version/ibm rational quality manager/4.0
- version/ibm rational quality manager/4.0.0.1
- version/ibm rational quality manager/4.0.0.2
- version/ibm rational quality manager/4.0.1
- version/ibm rational quality manager/4.0.2
- version/ibm rational quality manager/4.0.3
- version/ibm rational quality manager/4.0.4
- version/ibm rational quality manager/4.0.5
- version/ibm rational quality manager/4.0.6
- version/ibm rational quality manager/5.0
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/2.0
- version/ibm rational requirements composer/2.0.0.1
- version/ibm rational requirements composer/2.0.0.2
- version/ibm rational requirements composer/2.0.0.3
- version/ibm rational requirements composer/2.0.0.4
- version/ibm rational requirements composer/3.0
- version/ibm rational requirements composer/3.0.1
- version/ibm rational requirements composer/3.0.1.1
- version/ibm rational requirements composer/3.0.1.2
- version/ibm rational requirements composer/3.0.1.3
- version/ibm rational requirements composer/3.0.1.4
- version/ibm rational requirements composer/3.0.1.5
- version/ibm rational requirements composer/3.0.1.6
- version/ibm rational requirements composer/4.0
- version/ibm rational requirements composer/4.0.0
- version/ibm rational requirements composer/4.0.0.1
- version/ibm rational requirements composer/4.0.0.2
- version/ibm rational requirements composer/4.0.1
- version/ibm rational requirements composer/4.0.2
- version/ibm rational requirements composer/4.0.3
- version/ibm rational requirements composer/4.0.4
- version/ibm rational requirements composer/4.0.5
- version/ibm rational requirements composer/4.0.6
- canonical/ibm rhapsody design manager
- version/ibm rhapsody design manager/3.0
- version/ibm rhapsody design manager/3.0.0.1
- version/ibm rhapsody design manager/3.0.1
- version/ibm rhapsody design manager/4.0
- version/ibm rhapsody design manager/4.0.1
- version/ibm rhapsody design manager/4.0.2
- version/ibm rhapsody design manager/4.0.3
- version/ibm rhapsody design manager/4.0.4
- version/ibm rhapsody design manager/4.0.5
- version/ibm rhapsody design manager/4.0.6
- version/ibm rhapsody design manager/5.0
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/3.0
- version/ibm rational software architect design manager/3.0.0
- version/ibm rational software architect design manager/3.0.0.1
- version/ibm rational software architect design manager/3.0.1
- version/ibm rational software architect design manager/4.0.0
- version/ibm rational software architect design manager/4.0.1
- version/ibm rational software architect design manager/4.0.2
- version/ibm rational software architect design manager/4.0.3
- version/ibm rational software architect design manager/4.0.4
- version/ibm rational software architect design manager/4.0.5
- version/ibm rational software architect design manager/4.0.6
- version/ibm rational software architect design manager/5.0
- canonical/ibm rational team concert
- version/ibm rational team concert/2.0
- version/ibm rational team concert/2.0.0.1
- version/ibm rational team concert/2.0.0.2
- version/ibm rational team concert/3.0
- version/ibm rational team concert/3.0.1
- version/ibm rational team concert/3.0.1.1
- version/ibm rational team concert/3.0.1.2
- version/ibm rational team concert/3.0.1.3
- version/ibm rational team concert/3.0.1.4
- version/ibm rational team concert/3.0.1.5
- version/ibm rational team concert/3.0.1.6
- version/ibm rational team concert/4.0
- version/ibm rational team concert/4.0.0.1
- version/ibm rational team concert/4.0.0.2
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/5.0