CVE-2016-2922

Published on: 08/13/2018 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of IBM Rational ClearQuest contain the following vulnerability:

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

  • CVE-2016-2922 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • Description: IBM X-Force Exchange
    Tags: VDB Entry, Vendor Advisory
    Link: exchange.xforce.ibmcloud.com (text/html), XF ibm-clearquest-cve20162922-spoofing(113353)
  • Description: Security Bulletin: A security vulnerability in IBM Rational ClearQuest with SSL/TLS communications (CVE-2016-2922)
    Tags: Vendor Advisory
    Link: www.ibm.com (text/html), CONFIRM www.ibm.com/support/docview.wss?uid=ibm10718377

Known Affected Configurations (CPE V2.3)

  • Type: Application
  • Vendor: IBM
  • Product: Rational ClearQuest
  • Version: All
  • Update: All
  • Edition: All
  • Language: All

  • cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*: