CVE-2015-5039
Summary
| CVE | CVE-2015-5039 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-26 18:29:00 UTC |
| Updated | 2018-04-24 16:32:00 UTC |
| Description | The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Rational Clearcase | All | All | All | All |
| Application | Ibm | Rational Clearcase | All | All | All | All |
| Application | Ibm | Rational Clearcase | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: Vulnerability in IBM Rational ClearCase with SSL/TLS communications (CVE-2015-5039) | CONFIRM | www-01.ibm.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.