What is the severity of CVE-2014-3105?

CVE-2014-3105 has a medium severity rating due to the potential for account enumeration via failed login messages.

How do I fix CVE-2014-3105?

To fix CVE-2014-3105, update IBM Rational ClearQuest to versions 7.1.2.15 or later, 8.0.0.12 or later, or 8.0.1.5 or later.

What products are affected by CVE-2014-3105?

CVE-2014-3105 affects IBM Rational ClearQuest versions prior to 7.1.2.15, 8.0.0.12, and 8.0.1.5.

What type of vulnerability is CVE-2014-3105?

CVE-2014-3105 is an account enumeration vulnerability that allows remote attackers to identify valid usernames.

Can CVE-2014-3105 impact system security?

Yes, CVE-2014-3105 can compromise system security by allowing attackers to gather valid usernames for potential brute-force attacks.

Vulnerability/
CVE-2014-3105

medium

CWE

200

23/9/2014

6/8/2024

CVE-2014-3105: Infoleak

First published: Tue Sep 23 2014(Updated: )

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rational ClearCase	=7.1
IBM Rational ClearCase	=7.1.0.1
IBM Rational ClearCase	=7.1.0.2
IBM Rational ClearCase	=7.1.1
IBM Rational ClearCase	=7.1.1.1
IBM Rational ClearCase	=7.1.1.2
IBM Rational ClearCase	=7.1.1.3
IBM Rational ClearCase	=7.1.1.4
IBM Rational ClearCase	=7.1.1.5
IBM Rational ClearCase	=7.1.1.6
IBM Rational ClearCase	=7.1.1.7
IBM Rational ClearCase	=7.1.1.8
IBM Rational ClearCase	=7.1.1.9
IBM Rational ClearCase	=7.1.2
IBM Rational ClearCase	=7.1.2.1
IBM Rational ClearCase	=7.1.2.2
IBM Rational ClearCase	=7.1.2.3
IBM Rational ClearCase	=7.1.2.4
IBM Rational ClearCase	=7.1.2.5
IBM Rational ClearCase	=7.1.2.6
IBM Rational ClearCase	=7.1.2.7
IBM Rational ClearCase	=7.1.2.9
IBM Rational ClearCase	=7.1.2.10
IBM Rational ClearCase	=7.1.2.11
IBM Rational ClearCase	=7.1.2.12
IBM Rational ClearCase	=7.1.2.13
IBM Rational ClearCase	=7.1.2.14
IBM Rational ClearCase	=8.0
IBM Rational ClearCase	=8.0.0.1
IBM Rational ClearCase	=8.0.0.2
IBM Rational ClearCase	=8.0.0.3
IBM Rational ClearCase	=8.0.0.4
IBM Rational ClearCase	=8.0.0.5
IBM Rational ClearCase	=8.0.0.6
IBM Rational ClearCase	=8.0.0.7
IBM Rational ClearCase	=8.0.0.8
IBM Rational ClearCase	=8.0.0.9
IBM Rational ClearCase	=8.0.0.10
IBM Rational ClearCase	=8.0.0.11
IBM Rational ClearCase	=8.0.1
IBM Rational ClearCase	=8.0.1.1
IBM Rational ClearCase	=8.0.1.2
IBM Rational ClearCase	=8.0.1.3
IBM Rational ClearCase	=8.0.1.4

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21682949

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3105?
CVE-2014-3105 has a medium severity rating due to the potential for account enumeration via failed login messages.
How do I fix CVE-2014-3105?
To fix CVE-2014-3105, update IBM Rational ClearQuest to versions 7.1.2.15 or later, 8.0.0.12 or later, or 8.0.1.5 or later.
What products are affected by CVE-2014-3105?
CVE-2014-3105 affects IBM Rational ClearQuest versions prior to 7.1.2.15, 8.0.0.12, and 8.0.1.5.
What type of vulnerability is CVE-2014-3105?
CVE-2014-3105 is an account enumeration vulnerability that allows remote attackers to identify valid usernames.
Can CVE-2014-3105 impact system security?
Yes, CVE-2014-3105 can compromise system security by allowing attackers to gather valid usernames for potential brute-force attacks.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/remedy
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/ibm
canonical/ibm rational clearcase
version/ibm rational clearcase/7.1
version/ibm rational clearcase/7.1.0.1
version/ibm rational clearcase/7.1.0.2
version/ibm rational clearcase/7.1.1
version/ibm rational clearcase/7.1.1.1
version/ibm rational clearcase/7.1.1.2
version/ibm rational clearcase/7.1.1.3
version/ibm rational clearcase/7.1.1.4
version/ibm rational clearcase/7.1.1.5
version/ibm rational clearcase/7.1.1.6
version/ibm rational clearcase/7.1.1.7
version/ibm rational clearcase/7.1.1.8
version/ibm rational clearcase/7.1.1.9
version/ibm rational clearcase/7.1.2
version/ibm rational clearcase/7.1.2.1
version/ibm rational clearcase/7.1.2.2
version/ibm rational clearcase/7.1.2.3
version/ibm rational clearcase/7.1.2.4
version/ibm rational clearcase/7.1.2.5
version/ibm rational clearcase/7.1.2.6
version/ibm rational clearcase/7.1.2.7
version/ibm rational clearcase/7.1.2.9
version/ibm rational clearcase/7.1.2.10
version/ibm rational clearcase/7.1.2.11
version/ibm rational clearcase/7.1.2.12
version/ibm rational clearcase/7.1.2.13
version/ibm rational clearcase/7.1.2.14
version/ibm rational clearcase/8.0
version/ibm rational clearcase/8.0.0.1
version/ibm rational clearcase/8.0.0.2
version/ibm rational clearcase/8.0.0.3
version/ibm rational clearcase/8.0.0.4
version/ibm rational clearcase/8.0.0.5
version/ibm rational clearcase/8.0.0.6
version/ibm rational clearcase/8.0.0.7
version/ibm rational clearcase/8.0.0.8
version/ibm rational clearcase/8.0.0.9
version/ibm rational clearcase/8.0.0.10
version/ibm rational clearcase/8.0.0.11
version/ibm rational clearcase/8.0.1
version/ibm rational clearcase/8.0.1.1
version/ibm rational clearcase/8.0.1.2
version/ibm rational clearcase/8.0.1.3
version/ibm rational clearcase/8.0.1.4