SSL Certificate Validation Bypass in IBM Rational ClearQuest

CVE-2016-2922 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. This leaves it open to a man-in-the-middle attack in which an impersonating server observes all the data transmitted to the real server. IBM X-Force ID: 113353.
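The missing check, sketched as an added example (not IBM's code and not part of the original advisory): a certificate must name the host the client requested, in addition to chaining to a trusted CA. The example covers only the name comparison, not chain validation. The hostnames and certificate contents are constructed placeholders, and the dict layout follows Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def _label_match(pattern: str, host: str) -> bool:
    """Match one dNSName pattern against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard is accepted only as the whole leftmost label, and not
        # for two-label names such as "*.com".
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards ("f*.example.com") are rejected outright.
    return "*" not in pattern and p_labels == h_labels

def hostname_matches(cert: dict, requested: str) -> bool:
    """Return True only if the certificate names the host the client asked for."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals are compared only with iPAddress entries.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _label_match(value, requested)
               for kind, value in sans)

# Constructed sample certificates (placeholder names, not from the advisory).
REAL_SERVER = {"subjectAltName": (("DNS", "cq.example.com"),
                                  ("DNS", "*.cq.example.com"))}
# A certificate that could be perfectly valid for some other host: without
# the name check, a client would accept it for cq.example.com as well.
OTHER_HOST = {"subjectAltName": (("DNS", "unrelated.example.net"),)}

if __name__ == "__main__":
    for cert in (REAL_SERVER, OTHER_HOST):
        print(hostname_matches(cert, "cq.example.com"))
```

In Python's own TLS client this comparison is what `ssl.create_default_context()` enables through `check_hostname = True`.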
