CVE-2014-6134: Infoleak
First published: Wed Mar 25 2015(Updated: )
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Installation Manager | <=1.8.1.0 | |
| IBM Rational ClearCase | =8.0.0 | |
| IBM Rational ClearCase | =8.0.0.1 | |
| IBM Rational ClearCase | =8.0.0.2 | |
| IBM Rational ClearCase | =8.0.0.3 | |
| IBM Rational ClearCase | =8.0.0.4 | |
| IBM Rational ClearCase | =8.0.0.5 | |
| IBM Rational ClearCase | =8.0.0.6 | |
| IBM Rational ClearCase | =8.0.0.7 | |
| IBM Rational ClearCase | =8.0.0.8 | |
| IBM Rational ClearCase | =8.0.0.9 | |
| IBM Rational ClearCase | =8.0.0.10 | |
| IBM Rational ClearCase | =8.0.0.11 | |
| IBM Rational ClearCase | =8.0.0.12 | |
| IBM Rational ClearCase | =8.0.0.13 | |
| IBM Rational ClearCase | =8.0.1 | |
| IBM Rational ClearCase | =8.0.1.1 | |
| IBM Rational ClearCase | =8.0.1.2 | |
| IBM Rational ClearCase | =8.0.1.3 | |
| IBM Rational ClearCase | =8.0.1.4 | |
| IBM Rational ClearCase | =8.0.1.5 | |
| IBM Rational ClearCase | =8.0.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6134?
CVE-2014-6134 has a medium severity level as it exposes cleartext server passwords in process memory.
How do I fix CVE-2014-6134?
To fix CVE-2014-6134, upgrade IBM Rational ClearCase to version 8.0.0.14 or 8.0.1.7 and ensure Installation Manager is updated to at least version 1.8.2.
What software is affected by CVE-2014-6134?
CVE-2014-6134 affects IBM Rational ClearCase versions 8.0.0 through 8.0.0.13 and 8.0.1 through 8.0.1.6 when Installation Manager versions up to 1.8.1.0 are used.
What type of vulnerability is CVE-2014-6134?
CVE-2014-6134 is an information disclosure vulnerability due to the retention of cleartext passwords in memory.
Who can exploit CVE-2014-6134?
Local users with access to the system can exploit CVE-2014-6134 to obtain sensitive information.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/ibm
- canonical/ibm installation manager
- version/ibm installation manager/1.8.1.0
- canonical/ibm rational clearcase
- version/ibm rational clearcase/8.0.0
- version/ibm rational clearcase/8.0.0.1
- version/ibm rational clearcase/8.0.0.2
- version/ibm rational clearcase/8.0.0.3
- version/ibm rational clearcase/8.0.0.4
- version/ibm rational clearcase/8.0.0.5
- version/ibm rational clearcase/8.0.0.6
- version/ibm rational clearcase/8.0.0.7
- version/ibm rational clearcase/8.0.0.8
- version/ibm rational clearcase/8.0.0.9
- version/ibm rational clearcase/8.0.0.10
- version/ibm rational clearcase/8.0.0.11
- version/ibm rational clearcase/8.0.0.12
- version/ibm rational clearcase/8.0.0.13
- version/ibm rational clearcase/8.0.1
- version/ibm rational clearcase/8.0.1.1
- version/ibm rational clearcase/8.0.1.2
- version/ibm rational clearcase/8.0.1.3
- version/ibm rational clearcase/8.0.1.4
- version/ibm rational clearcase/8.0.1.5
- version/ibm rational clearcase/8.0.1.6