Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rational_clearcase | Ibm | 7.1 (including) | 7.1.0.2 (including) |
| Rational_clearcase | Ibm | 7.1.1 (including) | 7.1.1.9 (including) |
| Rational_clearcase | Ibm | 7.1.2 (including) | 7.1.2.13 (including) |
| Rational_clearcase | Ibm | 8.0 (including) | 8.0.0.10 (including) |
| Rational_clearcase | Ibm | 8.0.1 (including) | 8.0.1.3 (including) |