CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21682787	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/94258

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:::::::*
	cpe:2.3:a:ibm:rational_doors_next_generation:5.0:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.03:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.04:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.05:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.06:::::::*
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.5:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.6:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:5.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:::::::*
	cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:::::::*
	cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:2.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.3:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.4:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.5:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.6:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0:::::::*

History

No history.

Information

Published : 2014-09-12 01:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-3092

Mitre link : CVE-2014-3092

CVE.ORG link : CVE-2014-3092

JSON object : View

Products Affected

ibm

rational_team_concert
rational_engineering_lifecycle_manager
rational_doors_next_generation
rational_requirements_composer
rational_quality_manager
rational_rhapsody_design_manager
rational_software_architect_design_manager

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.0 /10