Vulnerabilites related to IBM - Rational ClearQuest
CVE-2016-2922 (GCVE-0-2016-2922)
Vulnerability from cvelistv5
Published
2018-08-13 16:00
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational ClearQuest |
Version: 8.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 8.0.1 Version: 8.0.0.8 Version: 8.0.1.1 Version: 8.0.0.9 Version: 8.0.0.10 Version: 8.0.0.11 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 8.0.0.12 Version: 8.0.1.5 Version: 8.0.0.13 Version: 8.0.1.6 Version: 8.0.0.14 Version: 8.0.1.7 Version: 8.0.0.15 Version: 8.0.1.8 Version: 8.0.0.16 Version: 8.0.1.9 Version: 8.0.0.17 Version: 8.0.1.10 Version: 8.0.0.18 Version: 8.0.1.11 Version: 9.0 Version: 9.0.0.1 Version: 8.0.0.19 Version: 8.0.1.12 Version: 9.0.0.2 Version: 8.0.0.20 Version: 8.0.1.13 Version: 9.0.0.3 Version: 8.0.0.21 Version: 8.0.1.14 Version: 9.0.0.4 Version: 9.0.1 Version: 8.0.1.15 Version: 9.0.0.5 Version: 9.0.1.1 Version: 8.0.1.16 Version: 9.0.0.6 Version: 9.0.1.2 Version: 8.0.1.17 Version: 9.0.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational ClearQuest",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.1.1"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "8.0.0.13"
},
{
"status": "affected",
"version": "8.0.1.6"
},
{
"status": "affected",
"version": "8.0.0.14"
},
{
"status": "affected",
"version": "8.0.1.7"
},
{
"status": "affected",
"version": "8.0.0.15"
},
{
"status": "affected",
"version": "8.0.1.8"
},
{
"status": "affected",
"version": "8.0.0.16"
},
{
"status": "affected",
"version": "8.0.1.9"
},
{
"status": "affected",
"version": "8.0.0.17"
},
{
"status": "affected",
"version": "8.0.1.10"
},
{
"status": "affected",
"version": "8.0.0.18"
},
{
"status": "affected",
"version": "8.0.1.11"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.19"
},
{
"status": "affected",
"version": "8.0.1.12"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.20"
},
{
"status": "affected",
"version": "8.0.1.13"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.21"
},
{
"status": "affected",
"version": "8.0.1.14"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "8.0.1.15"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.0.1.1"
},
{
"status": "affected",
"version": "8.0.1.16"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "9.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.17"
},
{
"status": "affected",
"version": "9.0.1.3"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2016-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational ClearQuest",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.1.1"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "8.0.0.13"
},
{
"version_value": "8.0.1.6"
},
{
"version_value": "8.0.0.14"
},
{
"version_value": "8.0.1.7"
},
{
"version_value": "8.0.0.15"
},
{
"version_value": "8.0.1.8"
},
{
"version_value": "8.0.0.16"
},
{
"version_value": "8.0.1.9"
},
{
"version_value": "8.0.0.17"
},
{
"version_value": "8.0.1.10"
},
{
"version_value": "8.0.0.18"
},
{
"version_value": "8.0.1.11"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.19"
},
{
"version_value": "8.0.1.12"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.20"
},
{
"version_value": "8.0.1.13"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.21"
},
{
"version_value": "8.0.1.14"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.15"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.0.1.1"
},
{
"version_value": "8.0.1.16"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "9.0.1.2"
},
{
"version_value": "8.0.1.17"
},
{
"version_value": "9.0.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10718377",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2922",
"datePublished": "2018-08-13T16:00:00Z",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-09-16T23:10:24.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}