CVE-2016-2922

Severity CVSS v4.0:
Pending analysis
Type:
CWE-295 Improper Certificate Validation
Publication date:
13/08/2018
Last modified:
09/10/2019

Description

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:* 8.0.0.0 (including) 8.0.0.21 (including)
cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:* 8.0.1.0 (including) 8.0.1.17 (including)
cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:* 9.0.0.0 (including) 9.0.0.6 (including)
cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:* 9.0.1.0 (including) 9.0.1.3 (including)