CVE-2014-3050 - OpenCVE

IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Rational Team Concert

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_team_concert:4.0:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.5:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.6:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:rational_team_concert:3.0:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21679192	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/93436

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2014-07-29T20:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-04-29T00:00:00

Link: CVE-2014-3050

JSON object: View

NVD Information

Status : Modified

Published: 2014-07-29T20:55:08.130

Modified: 2017-08-29T01:34:36.797

Link: CVE-2014-3050

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679192"}, {"name": "ibm-rtc-cve20143050-cred(93436)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93436"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3050", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679192", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679192"}, {"name": "ibm-rtc-cve20143050-cred(93436)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93436"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3050", "datePublished": "2014-07-29T20:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors."}, {"lang": "es", "value": "IBM Rational Team Concert (RTC) 3.x anterior a 3.0.1.6 IF3 y 4.x anterior a 4.0.7 no integra debidamente con los motores build, lo que permite a usuarios remotos autenticados descubrir las credenciales a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-3050", "lastModified": "2017-08-29T01:34:36.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-29T20:55:08.130", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679192"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93436"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}