CVE-2013-5373

medium

Published 2013-09-25 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21648811

Application impact

Vendor	Product	Versions
ibm	rational_clearcase	`8.0.0.3`
ibm	rational_clearcase	`8.0.0.4`
ibm	rational_clearcase	`8.0.0.5`
ibm	rational_clearcase	`8.0.0.6`
ibm	rational_clearcase	`8.0.0.7`
ibm	rational_clearcase	`8.0.1`

References

http://www-01.ibm.com/support/docview.wss?uid=swg21648811
https://exchange.xforce.ibmcloud.com/vulnerabilities/86791
http://www-01.ibm.com/support/docview.wss?uid=swg21648811
https://exchange.xforce.ibmcloud.com/vulnerabilities/86791

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.