CVE-2014-3092
Last modified
CVE-2014-3092 is a vulnerability of currently unknown severity. IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.. EPSS estimates a 1.67% chance of exploitation in the next 30 days.
Description
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Doors Next Generation | 4.0.0 |
| Ibm | Rational Doors Next Generation | 4.0.1 |
| Ibm | Rational Doors Next Generation | 4.0.2 |
| Ibm | Rational Doors Next Generation | 4.0.3 |
| Ibm | Rational Doors Next Generation | 4.0.4 |
| Ibm | Rational Doors Next Generation | 4.0.5 |
| Ibm | Rational Doors Next Generation | 4.0.6 |
| Ibm | Rational Doors Next Generation | 5.0 |
| Ibm | Rational Engineering Lifecycle Manager | 1.0 |
| Ibm | Rational Engineering Lifecycle Manager | 1.0.0.1 |
| Ibm | Rational Engineering Lifecycle Manager | 4.03 |
| Ibm | Rational Engineering Lifecycle Manager | 4.04 |
| Ibm | Rational Engineering Lifecycle Manager | 4.05 |
| Ibm | Rational Engineering Lifecycle Manager | 4.06 |
| Ibm | Rational Engineering Lifecycle Manager | 5.0 |
| Ibm | Rational Quality Manager | 2.0 |
| Ibm | Rational Quality Manager | 2.0.0.1 |
| Ibm | Rational Quality Manager | 2.0.0.2 |
| Ibm | Rational Quality Manager | 2.0.1 |
| Ibm | Rational Quality Manager | 2.0.1.1 |
| Ibm | Rational Quality Manager | 3.0 |
| Ibm | Rational Quality Manager | 3.0.1 |
| Ibm | Rational Quality Manager | 3.0.1.1 |
| Ibm | Rational Quality Manager | 3.0.1.2 |
| Ibm | Rational Quality Manager | 3.0.1.3 |
| Ibm | Rational Quality Manager | 3.0.1.4 |
| Ibm | Rational Quality Manager | 3.0.1.5 |
| Ibm | Rational Quality Manager | 3.0.1.6 |
| Ibm | Rational Quality Manager | 4.0 |
| Ibm | Rational Quality Manager | 4.0.0.1 |
| Ibm | Rational Quality Manager | 4.0.0.2 |
| Ibm | Rational Quality Manager | 4.0.1 |
| Ibm | Rational Quality Manager | 4.0.2 |
| Ibm | Rational Quality Manager | 4.0.3 |
| Ibm | Rational Quality Manager | 4.0.4 |
| Ibm | Rational Quality Manager | 4.0.5 |
| Ibm | Rational Quality Manager | 4.0.6 |
| Ibm | Rational Quality Manager | 5.0 |
| Ibm | Rational Requirements Composer | 2.0 |
| Ibm | Rational Requirements Composer | 2.0.0.1 |
| Ibm | Rational Requirements Composer | 2.0.0.2 |
| Ibm | Rational Requirements Composer | 2.0.0.3 |
| Ibm | Rational Requirements Composer | 2.0.0.4 |
| Ibm | Rational Requirements Composer | 3.0 |
| Ibm | Rational Requirements Composer | 3.0.1 |
| Ibm | Rational Requirements Composer | 3.0.1.1 |
| Ibm | Rational Requirements Composer | 3.0.1.2 |
| Ibm | Rational Requirements Composer | 3.0.1.3 |
| Ibm | Rational Requirements Composer | 3.0.1.4 |
| Ibm | Rational Requirements Composer | 3.0.1.5 |
Showing 50 of 105 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3092?
How severe is CVE-2014-3092?
How do I fix CVE-2014-3092?
Are you affected by CVE-2014-3092?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST