CVE-2015-5039

{"id": "CVE-2015-5039", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2018-03-26T18:29:00.440", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."}, {"lang": "es", "value": "El cliente remoto y las integraciones de gesti\u00f3n de cambio en las versiones 7.1.x y 8.0.0.x de IBM Rational ClearCase anteriores a la 8.0.0.18 y en las versiones 8.0.1.x anteriores a la 8.0.1.11, no valida correctamente los nombres de host en certificados X.509 de los servidores SSL, lo cual permite a atacantes remotos suplantar estos servidores y obtener informaci\u00f3n sensible o modificar el tr\u00e1fico de red mediante un certificado manipulado. IBM X-Force ID: 106715."}], "lastModified": "2018-04-24T16:32:29.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925901D0-7CB9-42E3-B354-B1B5CF416461", "versionEndIncluding": "7.1.2.16", "versionStartIncluding": "7.1"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "383652E4-DC7F-445F-A4BE-AB8142D1CD02", "versionEndIncluding": "8.0.0.17", "versionStartExcluding": "8.0"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "375FBC6F-C565-4AB4-AFAA-65748660B34C", "versionEndIncluding": "8.0.1.10", "versionStartIncluding": "8.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}