Vulnerabilities > CVE-2014-0862 - Unspecified vulnerability in IBM Rational Collaborative Lifecycle Management
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | IBM_CLM_406.NASL |
description | The version of at least one IBM Rational Collaborative Lifecycle Management component installed on the remote Windows host is 3.x prior to 3.0.1.6 iFix2 or 4.x prior to 4.0.6. It is, therefore, potentially affected by an unspecified remote code execution vulnerability in the Jazz Team Server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72929 |
published | 2014-03-11 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72929 |
title | IBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution |
code |
|
Seebug
bulletinFamily exploit description BUGTRAQ ID: 65900 CVE ID: CVE-2014-0862 Collaborative Lifecycle Management Applications是产品生命周期管理解决方案。 IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1.6 iFix 2之前版本、4.0.6之前版本中,Jazz Team Server存在安全漏洞,可使远程攻击者利用此漏洞执行任意代码。 0 IBM Collaborative Lifecycle Management Applications 4.x IBM Collaborative Lifecycle Management Applications 3.x 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www-01.ibm.com/software/rational/alm/collaborate/ id SSV:61873 last seen 2017-11-19 modified 2014-03-20 published 2014-03-20 reporter Root title IBM Collaborative Lifecycle Management Applications远程代码执行漏洞 bulletinFamily exploit description Bugtraq ID:65900 CVE ID:CVE-2014-0862 IBM Rational Quality Manager是一款为完整的软件开发生命周期提供集成的测试计划和测试资产的协作的,基于Web的质量管理软件。 IBM Rational Quality Manager所包含的Jazz Team服务器存在未明错误,允许远程攻击者利用漏洞执行任意代码。 0 IBM Rational Quality Manager 2.x IBM Rational Quality Manager 3.x IBM Rational Quality Manager 4.x 厂商补丁: IBM ----- 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www.ibm.com/support/docview.wss?uid=swg21664566 id SSV:61615 last seen 2017-11-19 modified 2014-03-03 published 2014-03-03 reporter Root title IBM Rational Quality Manager Jazz Team Server未明远程代码执行漏洞