Vulnerability Name:

CVE-2014-0862 (CCN-90895)

Assigned:2014-02-28
Published:2014-02-28
Updated:2017-08-29
Summary:Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-0862

Source: CCN
Type: SA57201
IBM Rational Quality Manager Jazz Team Server Unspecified Code Execution Vulnerability

Source: CCN
Type: SA57210
IBM Rational Team Concert Jazz Team Server Unspecified Code Execution Vulnerability

Source: CCN
Type: SA57343
IBM Rational Policy Tester Jazz Team Server OSGi Java Code Execution Vulnerability

Source: CCN
Type: SA57364
IBM Security AppScan Jazz Team Server OSGi Java Code Execution Vulnerability

Source: CCN
Type: SA57516
IBM Rational Engineering Lifecycle Manager Jazz Team Server OSGi Java Code Execution Vulnerability

Source: CCN
Type: SA57549
IBM Rational Focal Point Jazz Team Server OSGi Java Code Execution Vulnerability

Source: CCN
Type: IBM Security Bulletin 1664566
Critical security vulnerability in Jazz Team Server affecting all CLM Applications (CVE-2014-0862)

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21664566

Source: CCN
Type: IBM Security Bulletin 1667506
Remote code execution vulnerability in the Jazz Team Server component of IBM Security AppScan Enterprise (CVE-2014-0862)

Source: CCN
Type: IBM Security Bulletin 1667507
Security Bulletin: Remote code execution vulnerability in the Jazz Team Server component of IBM Rational Policy Tester (CVE-2014-0862)

Source: CCN
Type: IBM Security Bulletin 1667753
IBM Security Bulletin: Critical security vulnerability in Jazz Team Server affecting IBM Rational Engineering Lifecycle Manager Application (CVE-2014-0862) - United States

Source: CCN
Type: IBM Security Bulletin 1668431
IBM Security Bulletin: Critical security vulnerability in Jazz component affecting IBM Rational Focal Point (CVE-2014-0862) - United States

Source: CCN
Type: IBM Security Bulletin 1671357
Critical security vulnerability in Jazz Team Server affecting Rational Software Architect Design Manager and Rational Rhapsody Design Manager (CVE-2014-0862)

Source: CCN
Type: IBM Security Bulletin 1678323
Security vulnerabilities in Rational Software Architect Design Manager and Rational Rhapsody Design Manager (CVE-2014-0947 , CVE-2014-0948 )

Source: CCN
Type: BID-65900
Collaborative Lifecycle Management Applications Unspecified Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
ibm-jazz-cve20140862-rce(90895)

Source: XF
Type: UNKNOWN
ibm-rationalclm-cve20140862-rce(90895)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:rational_policy_tester:8.5.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_focal_point:6.5.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm rational collaborative lifecycle management 3.0.0
    ibm rational collaborative lifecycle management 3.0.1
    ibm rational collaborative lifecycle management 3.0.1.1
    ibm rational collaborative lifecycle management 3.0.1.2
    ibm rational collaborative lifecycle management 3.0.1.3
    ibm rational collaborative lifecycle management 3.0.1.4
    ibm rational collaborative lifecycle management 3.0.1.5
    ibm rational collaborative lifecycle management 3.0.1.6
    ibm rational collaborative lifecycle management 4.0.0
    ibm rational collaborative lifecycle management 4.0.1
    ibm rational collaborative lifecycle management 4.0.2
    ibm rational collaborative lifecycle management 4.0.3
    ibm rational collaborative lifecycle management 4.0.4
    ibm rational collaborative lifecycle management 4.0.5
    ibm rational policy tester 8.5.0.0
    ibm security appscan 8.5.0.0 -
    ibm security appscan 8.6.0.0 -
    ibm rational requirements composer 4.0
    ibm security appscan 8.7.0.0 -
    ibm rational engineering lifecycle manager 1.0
    ibm rational engineering lifecycle manager 1.0.0.1
    ibm rational software architect design manager 3.0
    ibm rational software architect design manager 3.0.0.1
    ibm rational software architect design manager 3.0.1
    ibm rational software architect design manager 4.0
    ibm rational software architect design manager 4.0.1
    ibm rational software architect design manager 4.0.2
    ibm rational focal point 6.5.2
    ibm rational focal point 6.5.2.3
    ibm rational focal point 6.6
    ibm rational requirements composer 3.0.1
    ibm rational requirements composer 3.0.1.6
    ibm rational focal point 6.6.1
    ibm rational focal point 6.6.0.1
    ibm rational focal point 6.5.1
    ibm rational software architect design manager 4.0.3
    ibm rational software architect design manager 4.0.4
    ibm rational engineering lifecycle manager 4.0.3
    ibm rational engineering lifecycle manager 4.0.4
    ibm rational engineering lifecycle manager 4.0.5
    ibm rational requirements composer 4.0.5
    ibm rational doors next generation 4.0.1
    ibm rational doors next generation 4.0.5
    ibm rational software architect design manager 4.0.5
    ibm rational focal point 6.5
    ibm security appscan 8.7.0.0 -
    ibm rational software architect design manager 4.0.6
    ibm rational collaborative lifecycle management 3.0.1
    ibm rational collaborative lifecycle management 4.0
    ibm rational focal point 6.5.1.1