Closed as program error.
UCM-CQ on Linux/AIX: user login credentials in plain-text by ps -ef command Was Reproduced in house, on 220.127.116.11. Note the customer is on 7. 0.1.1 iFix02 Steps to Repro' 1. So I brought up xclearcase on AIX 2. During a 'checkout' I selected the 'new' button to create a n ew UCM baseActivity record. 3. At that point I saw the following process running (it shows t he database username and password in cleartext). 4.The customer reproduced this with -cmd find (probably trying t o search for all activities or something like that).. so I'm sur e there are more cases that just submit where we are passing thi s data. Did this on both AIX and Linux. The in house repro output is: judyh 22598 27544 90 17:29:21 pts/2 0:01 /opt/rational/clearqu est/aix4_power/bin/../../../common/java/jre/bin/java -cp /opt/ra tional/clearquest/rcp/plugins/com.ibm.rational.clearquest.ucm.rc p_7.0.0/ucmrcp.jar com.ibm.rational.clearquest.ucm.cmdline.UCMCm dLine -cmd submit -m 7.0.0 -d judy -u judy -p cag -rec BaseCMAct ivity -return_id /tmp/tmp28807
A security vulnerability exists in ClearCase version 7.
A fix is available in ClearCase versions 18.104.22.168, 22.214.171.124, and 126.96.36.199.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.