CVE-2014-6134

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.

Published: Mar 25, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-6134
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.2
AV:L/AC:H/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ibm / installation_manager	-	1.8.1.0.x
ibm / rational_clearcase	8.0.0.10	8.0.0.10.x
ibm / rational_clearcase	8.0.0.12	8.0.0.12.x
ibm / rational_clearcase	8.0.0.11	8.0.0.11.x
ibm / rational_clearcase	8.0.1.4	8.0.1.4.x
ibm / rational_clearcase	8.0.1.2	8.0.1.2.x
ibm / rational_clearcase	8.0.0.1	8.0.0.1.x
ibm / rational_clearcase	8.0.1.3	8.0.1.3.x
ibm / rational_clearcase	8.0.0.5	8.0.0.5.x
ibm / rational_clearcase	8.0.1.5	8.0.1.5.x
ibm / rational_clearcase	8.0.0.7	8.0.0.7.x
ibm / rational_clearcase	8.0.0.2	8.0.0.2.x
ibm / rational_clearcase	8.0.1.1	8.0.1.1.x
ibm / rational_clearcase	8.0.0.4	8.0.0.4.x
ibm / rational_clearcase	8.0.0.8	8.0.0.8.x
ibm / rational_clearcase	8.0.0.13	8.0.0.13.x
ibm / rational_clearcase	8.0.1	8.0.1.x
ibm / rational_clearcase	8.0.0.9	8.0.0.9.x
ibm / rational_clearcase	8.0.0	8.0.0.x
ibm / rational_clearcase	8.0.1.6	8.0.1.6.x
ibm / rational_clearcase	8.0.0.6	8.0.0.6.x
ibm / rational_clearcase	8.0.0.3	8.0.0.3.x

http://www-01.ibm.com/support/docview.wss?uid=swg21688450

Vulnerability Database

289,871

CVE-2014-6134