Vulnerabilities > CVE-2014-0862 - Unspecified vulnerability in IBM Rational Collaborative Lifecycle Management

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
ibm
critical
nessus
NVD
Published: 2014-03-02
Updated: 2017-08-29

Summary

Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Ibm
14

Nessus

NASL familyWindows
NASL idIBM_CLM_406.NASL
descriptionThe version of at least one IBM Rational Collaborative Lifecycle Management component installed on the remote Windows host is 3.x prior to 3.0.1.6 iFix2 or 4.x prior to 4.0.6. It is, therefore, potentially affected by an unspecified remote code execution vulnerability in the Jazz Team Server.
last seen2020-06-01
modified2020-06-02
plugin id72929
published2014-03-11
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/72929
titleIBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72929);
  script_version("1.4");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  script_cve_id("CVE-2014-0862");
  script_bugtraq_id(65900);

  script_name(english:"IBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution");
  script_summary(english:"Checks version of IBM CLM components");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected
by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of at least one IBM Rational Collaborative Lifecycle
Management component installed on the remote Windows host is 3.x prior
to 3.0.1.6 iFix2 or 4.x prior to 4.0.6.  It is, therefore, potentially
affected by an unspecified remote code execution vulnerability in the
Jazz Team Server.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21664566");
  script_set_attribute(attribute:"solution", value:"Upgrade to IBM CLM 3.0.1.6 iFix2 / 4.0.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_collaborative_lifecycle_management");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("ibm_collaborative_lifecycle_management_installed.nbin");
  script_require_keys("SMB/IBM CLM/Path");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

paths = get_kb_list_or_exit("SMB/IBM CLM/Path");
paths = list_uniq(make_list(paths));

foreach path (paths)
{
  products = get_kb_list("SMB/IBM CLM/"+path+"/Components/*");
  if (products)
  {
    foreach product (keys(products))
    {
      version = products[product];
      product = product - ("SMB/IBM CLM/" + path + "/Components/");

      if (
        (
          'Required Base License Keys' >!< product &&
          'Trial keys for' >!< product
        ) &&
        (
          'Quality Management' >< product ||
          'Requirements Management' >< product ||
          'Change and Configuration Management' >< product ||
          ('Jazz Team Server and' >< product && ('CCM' >< product || 'QM' >< product || 'RM' >< product))
        )
      )
      {
        if (version =~ '^3\\.0\\.')
        {
          matches = eregmatch(pattern:'^([0-9\\.]+)( iFix ([0-9]+))?', string:version);
          if (matches)
          {
            ver = matches[1];
            if (max_index(matches) > 3)
              ifix = int(matches[3]);
            else
              ifix = 0;

            if (
              (ver_compare(ver:ver, fix:'3.0.1.6') < 0) ||
              (ver_compare(ver:ver, fix:'3.0.1.6') == 0 && ifix < 2)
            )
            {
              info +=
                '\n  Path              : ' + path +
                '\n  Component         : ' + product +
                '\n  Installed version : ' + version +
                '\n  Fixed version     : 3.0.1.6 iFix 2\n';
            }
          }
        }
        else if (version =~ '^4\\.0\\.')
        {
          if (ver_compare(ver:version, fix:'4.0.6') < 0)
          {
            info +=
              '\n  Path              : ' + path +
              '\n  Component         : ' + product +
              '\n  Installed version : ' + version +
              '\n  Fixed version     : 4.0.6\n';
          }
        }
      }
    }
  }
}

if (info)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0) security_hole(port:port, extra:info);
  else security_hole(port);
  exit(0);
}
audit(AUDIT_INST_VER_NOT_VULN, 'IBM Collaborative Lifecycle Management Application');

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 65900 CVE ID: CVE-2014-0862 Collaborative Lifecycle Management Applications是产品生命周期管理解决方案。 IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1.6 iFix 2之前版本、4.0.6之前版本中,Jazz Team Server存在安全漏洞,可使远程攻击者利用此漏洞执行任意代码。 0 IBM Collaborative Lifecycle Management Applications 4.x IBM Collaborative Lifecycle Management Applications 3.x 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www-01.ibm.com/software/rational/alm/collaborate/
    idSSV:61873
    last seen2017-11-19
    modified2014-03-20
    published2014-03-20
    reporterRoot
    titleIBM Collaborative Lifecycle Management Applications远程代码执行漏洞
  • bulletinFamilyexploit
    descriptionBugtraq ID:65900 CVE ID:CVE-2014-0862 IBM Rational Quality Manager是一款为完整的软件开发生命周期提供集成的测试计划和测试资产的协作的,基于Web的质量管理软件。 IBM Rational Quality Manager所包含的Jazz Team服务器存在未明错误,允许远程攻击者利用漏洞执行任意代码。 0 IBM Rational Quality Manager 2.x IBM Rational Quality Manager 3.x IBM Rational Quality Manager 4.x 厂商补丁: IBM ----- 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www.ibm.com/support/docview.wss?uid=swg21664566
    idSSV:61615
    last seen2017-11-19
    modified2014-03-03
    published2014-03-03
    reporterRoot
    titleIBM Rational Quality Manager Jazz Team Server未明远程代码执行漏洞

References