CVE-2014-0950
Description
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS Score
Exploitation Probability
0.452
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-3041,CVE-2014-0950,CVE-2014-8925,CVE-2015-4996 are affected in IBM Rational ClearQuest 7.1.1.9 | Windows |
| Vulnerabilities CVE-2014-0950,CVE-2014-8925 are affected in IBM Rational ClearQuest 7.1.2.13 | Windows |
| Vulnerabilities CVE-2014-0950,CVE-2014-8925,CVE-2015-4996 are affected in IBM Rational ClearQuest 8.0.0.10 | Windows |
| Vulnerabilities CVE-2014-0950,CVE-2014-8925,CVE-2015-4996 are affected in IBM Rational ClearQuest 8.0.1.3 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234