Vulnerability Description
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Clearquest | >= 8.0.0.0, <= 8.0.0.21 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/113353VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10718377Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/113353VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10718377Vendor Advisory
FAQ
What is CVE-2016-2922?
CVE-2016-2922 is a vulnerability with a CVSS score of 3.7 (LOW). IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-midd...
How severe is CVE-2016-2922?
CVE-2016-2922 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2922?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Clearquest.