The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Rational ClearCase

computer vulnerability alert CVE-2019-4269

IBM WebSphere AS: information disclosure via Admin Console

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Admin Console of IBM WebSphere AS, in order to obtain sensitive information.
Impacted products: Rational ClearCase, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 27/06/2019.
Identifiers: CVE-2019-4269, ibm10884032, ibm10957573, VIGILANCE-VUL-29636.

Description of the vulnerability

An attacker can bypass access restrictions to data via Admin Console of IBM WebSphere AS, in order to obtain sensitive information.

vulnerability note CVE-2019-4080

WebSphere AS: infinite loop via Admin Console

Synthesis of the vulnerability

An attacker can trigger an infinite loop via Admin Console of WebSphere AS, in order to trigger a denial of service.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 27/03/2019.
Identifiers: CVE-2019-4080, ibm10875692, ibm10880551, ibm10884894, VIGILANCE-VUL-28864.

Description of the vulnerability

An attacker can trigger an infinite loop via Admin Console of WebSphere AS, in order to trigger a denial of service.

vulnerability CVE-2018-1902

WebSphere AS: privilege escalation via Spoof Connection Information

Synthesis of the vulnerability

An attacker can bypass restrictions via Spoof Connection Information of WebSphere AS, in order to escalate his privileges.
Impacted products: Rational ClearCase, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet server.
Creation date: 08/03/2019.
Identifiers: CVE-2018-1902, ibm10795115, ibm10876438, ibm10877000, ibm10884082, swg27048591, VIGILANCE-VUL-28690.

Description of the vulnerability

An attacker can bypass restrictions via Spoof Connection Information of WebSphere AS, in order to escalate his privileges.

computer vulnerability alert CVE-2018-1890

IBM Java: privilege escalation via RPATH

Synthesis of the vulnerability

An attacker can bypass restrictions via RPATH of IBM Java, in order to escalate his privileges.
Impacted products: AIX, IBM API Connect, IBM i, Rational ClearCase, Security Directory Server, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 06/03/2019.
Identifiers: CVE-2018-1890, ibm10873042, ibm10875554, ibm10878234, ibm10878236, ibm10878376, ibm10882598, ibm10883400, ibm10885024, SUSE-SU-2019:0617-1, VIGILANCE-VUL-28666.

Description of the vulnerability

An attacker can bypass restrictions via RPATH of IBM Java, in order to escalate his privileges.

vulnerability alert CVE-2019-4030

WebSphere AS: Cross Site Scripting via Admin Console

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Scripting attack via the Admin Console of WebSphere AS, in order to run JavaScript code in the context of the web site.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/03/2019.
Identifiers: CVE-2019-4030, ibm10869406, ibm10876436, ibm10876986, swg27048591, VIGILANCE-VUL-28651.

Description of the vulnerability

The WebSphere AS product offers a web service.

However, data received via the Admin Console is not filtered before being inserted into generated HTML documents.

An attacker can therefore trigger a Cross-Site Scripting attack via the Admin Console of WebSphere AS, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Blue Coat CAS, Debian, AIX, IBM i, Rational ClearCase, Tivoli Storage Manager, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Percona Server, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.

computer vulnerability note CVE-2018-1996

WebSphere AS: information disclosure via TLS Configuration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via TLS Configuration of WebSphere AS, in order to obtain sensitive information.
Impacted products: Rational ClearCase, Security Directory Server, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 20/02/2019.
Identifiers: 154650, CVE-2018-1996, ibm10793421, ibm10874404, ibm10876442, ibm10878821, swg27048591, VIGILANCE-VUL-28559.

Description of the vulnerability

An attacker can bypass access restrictions to data via TLS Configuration of WebSphere AS, in order to obtain sensitive information.

vulnerability announce CVE-2019-4059

IBM Rational ClearCase: privilege escalation via GIT Connector Password

Synthesis of the vulnerability

An attacker can bypass restrictions via GIT Connector Password of IBM Rational ClearCase, in order to escalate his privileges.
Impacted products: Rational ClearCase.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 13/02/2019.
Identifiers: CVE-2019-4059, ibm10870810, VIGILANCE-VUL-28492.

Description of the vulnerability

An attacker can bypass restrictions via GIT Connector Password of IBM Rational ClearCase, in order to escalate his privileges.

vulnerability CVE-2018-17199

Apache httpd: privilege escalation via mod_session_cookie Ignored Expiry Time

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session_cookie Ignored Expiry Time of Apache httpd, in order to escalate his privileges.
Impacted products: Apache httpd, Debian, HP-UX, IBM i, Rational ClearCase, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17199, DLA-1647-1, DSA-4422-1, HPESBUX03950, ibm10869064, ibm10872490, ibm10876972, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28330.

Description of the vulnerability

An attacker can bypass restrictions via mod_session_cookie Ignored Expiry Time of Apache httpd, in order to escalate his privileges.

computer vulnerability alert CVE-2018-1904

WebSphere AS: code execution via Unserialized Object

Synthesis of the vulnerability

An attacker can use a vulnerability via Unserialized Object of WebSphere AS, in order to run code.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Traditional.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet server.
Creation date: 11/12/2018.
Identifiers: CVE-2018-1904, ibm10738735, ibm10791781, ibm10793333, VIGILANCE-VUL-27996.

Description of the vulnerability

An attacker can use a vulnerability via Unserialized Object of WebSphere AS, in order to run code.