126 vulnerabilities found for rational_clearquest by ibm
FKIE_CVE-2024-28796
Vulnerability from fkie_nvd - Published: 2024-07-17 19:15 - Updated: 2024-11-21 09:06
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160390 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160390 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74BDBA2-AE21-4EB3-A836-336941D650B4",
"versionEndExcluding": "9.1.0.7",
"versionStartIncluding": "9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833."
},
{
"lang": "es",
"value": "IBM ClearQuest (CQ) 9.1 a 9.1.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 286833."
}
],
"id": "CVE-2024-28796",
"lastModified": "2024-11-21T09:06:56.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-17T19:15:10.937",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160390"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2016-2922
Vulnerability from fkie_nvd - Published: 2018-08-13 16:29 - Updated: 2024-11-21 02:49
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10718377 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10718377 | Vendor Advisory |
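Impacted products
Note: the `*` in the Version column is the CPE wildcard, not a statement that every version is affected; the affected ranges are the versionStartIncluding/versionEndIncluding bounds in the record below. The 8.0.1 bound there runs to 8.0.1.17, past the 8.0.1.9 given in the summary, so match installed versions against the CPE bounds and the vendor advisory rather than the summary text alone.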
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | * | |
| ibm | rational_clearquest | * | |
| ibm | rational_clearquest | * | |
| ibm | rational_clearquest | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E49EE604-3C2F-4D13-9573-0F9D966A236C",
"versionEndIncluding": "8.0.0.21",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1560BFE-237C-452C-943A-4D8EB7AC6806",
"versionEndIncluding": "8.0.1.17",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA0B1EA-9D53-46A3-AE22-9FE2FAA55693",
"versionEndIncluding": "9.0.0.6",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA3A182-A86B-4A19-B721-A333AF1E20DE",
"versionEndIncluding": "9.0.1.3",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
},
{
"lang": "es",
"value": "IBM Rational ClearQuest desde la versi\u00f3n 8.0 hasta la 8.0.1.9 y desde la 9.0 hasta la 9.0.1.3 (CQ OSLC linkages, EmailRelay) fracasa a la hora de comprobar el certificado SSL contra el nombre de host solicitado. Est\u00e1 sujeto a un ataque Man-in-the-Middle (MitM) con un servidor de suplantaci\u00f3n que observa todos los datos transmitidos al servidor real. IBM X-Force ID: 113353."
}
],
"id": "CVE-2016-2922",
"lastModified": "2024-11-21T02:49:01.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-13T16:29:00.230",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0950
Vulnerability from fkie_nvd - Published: 2018-04-20 21:29 - Updated: 2024-11-21 02:03
Severity ?
Summary
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21675164 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21675164 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | * | |
| ibm | rational_clearquest | * | |
| ibm | rational_clearquest | * | |
| ibm | rational_clearquest | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3933A6A-CFD4-41B9-BF65-8100C0C93DE5",
"versionEndIncluding": "7.1.1.9",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5FCFE9-E734-4B5E-BA7F-0934AA080FC8",
"versionEndIncluding": "7.1.2.13",
"versionStartIncluding": "7.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49E5999-38E4-4C4F-BF76-E284E1D97D53",
"versionEndIncluding": "8.0.0.10",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3792D419-1791-46AA-BB3E-E432D470CB2D",
"versionEndIncluding": "8.0.1.3",
"versionStartIncluding": "8.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XXE (XML External Entity) en (1) CQWeb / CM Server, (2) el cliente ClearQuest Native, (3) el cliente ClearQuest Eclipse y (4) los componentes ClearQuest Eclipse Designer en IBM Rational ClearQuest 7.1.1 hasta 7.1.1.9, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92623."
}
],
"id": "CVE-2014-0950",
"lastModified": "2024-11-21T02:03:05.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T21:29:00.503",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-4996
Vulnerability from fkie_nvd - Published: 2016-01-02 05:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "18CD36A3-8D15-439A-97E7-67D7293EB875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73013249-31FF-41E5-BEB9-23856068644D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0DD7F6-3716-43FD-8C2F-EE14F7B54C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9162F1-625B-41DB-984A-536E9AD9DD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E501CB80-071F-49D8-A644-25A484814E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82661974-6B4F-4A0E-9870-2DD9CB463D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D9299680-854F-4986-B308-94A0038D3D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D55365B6-7997-4D11-B21E-CF30659F0A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BED314FE-24CB-4C32-B174-EE9D77771256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4E9664-66F6-43D5-8D23-0A0F872C52B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FFE056-CF92-4FC9-A4D7-B1EAFEB36E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9823C815-0526-4D11-A705-B00385608D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3C801C-C068-4E73-8B16-D65B52BFB3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB872E39-0DFA-4AF8-8AE0-312F169FABE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7EB6365-1BB1-4269-8419-02D2177BEBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3AADF149-66EB-4E83-8C4F-8B9AFB60987A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "76250E06-A2EF-4ADC-B493-3F4D4022F576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5672FE86-0EF2-4A3C-9189-D9E123CE8469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C220127B-18F8-4727-A7DD-9014A5485BC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-4996",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-02T05:59:02.817",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034558"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-8925
Vulnerability from fkie_nvd - Published: 2015-03-25 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "18CD36A3-8D15-439A-97E7-67D7293EB875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73013249-31FF-41E5-BEB9-23856068644D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB32FAB-070C-4F26-A755-A75910B23F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "36185A72-1DF5-4A9E-816F-7D0800AC8CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C54F5BE0-9424-46A8-A823-AE3B0F85014D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0DD7F6-3716-43FD-8C2F-EE14F7B54C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9162F1-625B-41DB-984A-536E9AD9DD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E501CB80-071F-49D8-A644-25A484814E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82661974-6B4F-4A0E-9870-2DD9CB463D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D9299680-854F-4986-B308-94A0038D3D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9823C815-0526-4D11-A705-B00385608D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3C801C-C068-4E73-8B16-D65B52BFB3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB872E39-0DFA-4AF8-8AE0-312F169FABE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7EB6365-1BB1-4269-8419-02D2177BEBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3AADF149-66EB-4E83-8C4F-8B9AFB60987A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que provocan un cierre de sesi\u00f3n o insertan secuencias de XSS."
}
],
"id": "CVE-2014-8925",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-25T01:59:12.173",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3041
Vulnerability from fkie_nvd - Published: 2013-10-01 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "18CD36A3-8D15-439A-97E7-67D7293EB875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\""
},
{
"lang": "es",
"value": "El Cliente Web en IBM Rational ClearQuest 7.1 anteriores a 7.1.2.12, 8.0 anteriores a 8.0.0.8, y 8.0.1 anteriores a 8.0.1.1 permite a atacantes remotos obtener informaci\u00f3n sensible del flujo de datos cliente-servidor a trav\u00e9s de vectores no especificados asociados con un \"ataque de secuestro JSON\"."
}
],
"id": "CVE-2013-3041",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-01T00:55:12.880",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0598
Vulnerability from fkie_nvd - Published: 2013-09-28 03:40 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | 7.1.1.1 | |
| ibm | rational_clearquest | 7.1.1.2 | |
| ibm | rational_clearquest | 7.1.1.3 | |
| ibm | rational_clearquest | 7.1.1.4 | |
| ibm | rational_clearquest | 7.1.1.5 | |
| ibm | rational_clearquest | 7.1.1.6 | |
| ibm | rational_clearquest | 7.1.1.7 | |
| ibm | rational_clearquest | 7.1.1.8 | |
| ibm | rational_clearquest | 7.1.2 | |
| ibm | rational_clearquest | 7.1.2.1 | |
| ibm | rational_clearquest | 7.1.2.2 | |
| ibm | rational_clearquest | 7.1.2.3 | |
| ibm | rational_clearquest | 7.1.2.4 | |
| ibm | rational_clearquest | 7.1.2.5 | |
| ibm | rational_clearquest | 7.1.2.6 | |
| ibm | rational_clearquest | 7.1.2.7 | |
| ibm | rational_clearquest | 7.1.2.8 | |
| ibm | rational_clearquest | 7.1.2.9 | |
| ibm | rational_clearquest | 7.1.2.10 | |
| ibm | rational_clearquest | 7.1.2.11 | |
| ibm | rational_clearquest | 8.0 | |
| ibm | rational_clearquest | 8.0.0.1 | |
| ibm | rational_clearquest | 8.0.0.2 | |
| ibm | rational_clearquest | 8.0.0.3 | |
| ibm | rational_clearquest | 8.0.0.4 | |
| ibm | rational_clearquest | 8.0.0.5 | |
| ibm | rational_clearquest | 8.0.0.6 | |
| ibm | rational_clearquest | 8.0.0.7 | |
| ibm | rational_clearquest | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en el cliente Web en IBM Rational ClearQuest v7.1 anterior a v7.1.2.12, v8.0 anterior a v8.0.0.8 y v8.0.1 anterior a v8.0.1.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
}
],
"id": "CVE-2013-0598",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-28T03:40:55.387",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5757
Vulnerability from fkie_nvd - Published: 2013-03-21 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | 7.1.1.1 | |
| ibm | rational_clearquest | 7.1.1.2 | |
| ibm | rational_clearquest | 7.1.1.3 | |
| ibm | rational_clearquest | 7.1.1.4 | |
| ibm | rational_clearquest | 7.1.1.5 | |
| ibm | rational_clearquest | 7.1.1.6 | |
| ibm | rational_clearquest | 7.1.1.7 | |
| ibm | rational_clearquest | 7.1.1.8 | |
| ibm | rational_clearquest | 7.1.2 | |
| ibm | rational_clearquest | 7.1.2.1 | |
| ibm | rational_clearquest | 7.1.2.2 | |
| ibm | rational_clearquest | 7.1.2.3 | |
| ibm | rational_clearquest | 7.1.2.4 | |
| ibm | rational_clearquest | 7.1.2.5 | |
| ibm | rational_clearquest | 7.1.2.6 | |
| ibm | rational_clearquest | 7.1.2.7 | |
| ibm | rational_clearquest | 7.1.2.8 | |
| ibm | rational_clearquest | 7.1.2.9 | |
| ibm | rational_clearquest | 8.0 | |
| ibm | rational_clearquest | 8.0.0.1 | |
| ibm | rational_clearquest | 8.0.0.2 | |
| ibm | rational_clearquest | 8.0.0.3 | |
| ibm | rational_clearquest | 8.0.0.4 | |
| ibm | rational_clearquest | 8.0.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el cliente web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.10 y v8.x antes de v8.0.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL maliciosa."
}
],
"id": "CVE-2012-5757",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-21T20:55:00.907",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5765
Vulnerability from fkie_nvd - Published: 2012-12-20 12:02 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | 7.1.2 | |
| ibm | rational_clearquest | 7.1.2.1 | |
| ibm | rational_clearquest | 7.1.2.2 | |
| ibm | rational_clearquest | 7.1.2.3 | |
| ibm | rational_clearquest | 7.1.2.4 | |
| ibm | rational_clearquest | 7.1.2.5 | |
| ibm | rational_clearquest | 7.1.2.6 | |
| ibm | rational_clearquest | 7.1.2.7 | |
| ibm | rational_clearquest | 7.1.2.8 | |
| ibm | rational_clearquest | 8.0.0 | |
| ibm | rational_clearquest | 8.0.0.1 | |
| ibm | rational_clearquest | 8.0.0.2 | |
| ibm | rational_clearquest | 8.0.0.3 | |
| ibm | rational_clearquest | 8.0.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message."
},
{
"lang": "es",
"value": "El Cliente Web (tambi\u00e9n conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.x antes de v8.0.0.5 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados que desencadenan un mensaje de error de SQL."
}
],
"id": "CVE-2012-5765",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-20T12:02:19.887",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4839
Vulnerability from fkie_nvd - Published: 2012-12-20 12:02 - Updated: 2025-04-11 00:51
Severity ?
Summary
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | rational_clearquest | 7.1.2 | |
| ibm | rational_clearquest | 7.1.2.1 | |
| ibm | rational_clearquest | 7.1.2.2 | |
| ibm | rational_clearquest | 7.1.2.3 | |
| ibm | rational_clearquest | 7.1.2.4 | |
| ibm | rational_clearquest | 7.1.2.5 | |
| ibm | rational_clearquest | 7.1.2.6 | |
| ibm | rational_clearquest | 7.1.2.7 | |
| ibm | rational_clearquest | 7.1.2.8 | |
| ibm | rational_clearquest | 8.0.0 | |
| ibm | rational_clearquest | 8.0.0.1 | |
| ibm | rational_clearquest | 8.0.0.2 | |
| ibm | rational_clearquest | 8.0.0.3 | |
| ibm | rational_clearquest | 8.0.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."
},
{
"lang": "es",
"value": "La interfaz OSLC en el cliente Web (tambi\u00e9n conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.x antes de v8.0.0.5 permite a atacantes remotos realizar ataques de phishing a trav\u00e9s de un elemento FRAME."
}
],
"id": "CVE-2012-4839",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-20T12:02:17.887",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id?1027889"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-28796 (GCVE-0-2024-28796)
Vulnerability from cvelistv5 – Published: 2024-07-17 18:14 – Updated: 2024-08-02 00:56
VLAI?
Summary
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | ClearQuest |
Affected:
9.1 , ≤ 9.1.0.6
(semver)
cpe:2.3:a:ibm:rational_clearquest:9.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_clearquest:9.1.0.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:18:51.348465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:33:18.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160390"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rational_clearquest:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rational_clearquest:9.1.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ClearQuest",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.1.0.6",
"status": "affected",
"version": "9.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833."
}
],
"value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T18:14:45.862Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160390"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28796",
"datePublished": "2024-07-17T18:14:45.862Z",
"dateReserved": "2024-03-10T12:23:33.662Z",
"dateUpdated": "2024-08-02T00:56:58.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2922 (GCVE-0-2016-2922)
Vulnerability from cvelistv5 – Published: 2018-08-13 16:00 – Updated: 2024-09-16 23:10
VLAI?
Summary
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
Severity ?
CWE
- Obtain Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational ClearQuest |
Affected:
8.0
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 8.0.1 Affected: 8.0.0.8 Affected: 8.0.1.1 Affected: 8.0.0.9 Affected: 8.0.0.10 Affected: 8.0.0.11 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 8.0.0.12 Affected: 8.0.1.5 Affected: 8.0.0.13 Affected: 8.0.1.6 Affected: 8.0.0.14 Affected: 8.0.1.7 Affected: 8.0.0.15 Affected: 8.0.1.8 Affected: 8.0.0.16 Affected: 8.0.1.9 Affected: 8.0.0.17 Affected: 8.0.1.10 Affected: 8.0.0.18 Affected: 8.0.1.11 Affected: 9.0 Affected: 9.0.0.1 Affected: 8.0.0.19 Affected: 8.0.1.12 Affected: 9.0.0.2 Affected: 8.0.0.20 Affected: 8.0.1.13 Affected: 9.0.0.3 Affected: 8.0.0.21 Affected: 8.0.1.14 Affected: 9.0.0.4 Affected: 9.0.1 Affected: 8.0.1.15 Affected: 9.0.0.5 Affected: 9.0.1.1 Affected: 8.0.1.16 Affected: 9.0.0.6 Affected: 9.0.1.2 Affected: 8.0.1.17 Affected: 9.0.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational ClearQuest",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.1.1"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "8.0.0.13"
},
{
"status": "affected",
"version": "8.0.1.6"
},
{
"status": "affected",
"version": "8.0.0.14"
},
{
"status": "affected",
"version": "8.0.1.7"
},
{
"status": "affected",
"version": "8.0.0.15"
},
{
"status": "affected",
"version": "8.0.1.8"
},
{
"status": "affected",
"version": "8.0.0.16"
},
{
"status": "affected",
"version": "8.0.1.9"
},
{
"status": "affected",
"version": "8.0.0.17"
},
{
"status": "affected",
"version": "8.0.1.10"
},
{
"status": "affected",
"version": "8.0.0.18"
},
{
"status": "affected",
"version": "8.0.1.11"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.19"
},
{
"status": "affected",
"version": "8.0.1.12"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.20"
},
{
"status": "affected",
"version": "8.0.1.13"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.21"
},
{
"status": "affected",
"version": "8.0.1.14"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "8.0.1.15"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.0.1.1"
},
{
"status": "affected",
"version": "8.0.1.16"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "9.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.17"
},
{
"status": "affected",
"version": "9.0.1.3"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2016-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational ClearQuest",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.1.1"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "8.0.0.13"
},
{
"version_value": "8.0.1.6"
},
{
"version_value": "8.0.0.14"
},
{
"version_value": "8.0.1.7"
},
{
"version_value": "8.0.0.15"
},
{
"version_value": "8.0.1.8"
},
{
"version_value": "8.0.0.16"
},
{
"version_value": "8.0.1.9"
},
{
"version_value": "8.0.0.17"
},
{
"version_value": "8.0.1.10"
},
{
"version_value": "8.0.0.18"
},
{
"version_value": "8.0.1.11"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.19"
},
{
"version_value": "8.0.1.12"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.20"
},
{
"version_value": "8.0.1.13"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.21"
},
{
"version_value": "8.0.1.14"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.15"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.0.1.1"
},
{
"version_value": "8.0.1.16"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "9.0.1.2"
},
{
"version_value": "8.0.1.17"
},
{
"version_value": "9.0.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10718377",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2922",
"datePublished": "2018-08-13T16:00:00Z",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-09-16T23:10:24.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0950 (GCVE-0-2014-0950)
Vulnerability from cvelistv5 – Published: 2018-04-20 21:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"name": "ibm-clearquest-cve20140950-info-disc(92623)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"name": "ibm-clearquest-cve20140950-info-disc(92623)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"name": "ibm-clearquest-cve20140950-info-disc(92623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0950",
"datePublished": "2018-04-20T21:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4996 (GCVE-0-2015-4996)
Vulnerability from cvelistv5 – Published: 2016-01-02 02:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1034558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034558"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4996",
"datePublished": "2016-01-02T02:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8925 (GCVE-0-2014-8925)
Vulnerability from cvelistv5 – Published: 2015-03-25 01:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T01:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-8925",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3041 (GCVE-0-2013-3041)
Vulnerability from cvelistv5 – Published: 2013-10-01 00:00 – Updated: 2024-08-06 16:00
VLAI?
Summary
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clearquest-cve20133041-info-disclosure(84724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "clearquest-cve20133041-info-disclosure(84724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clearquest-cve20133041-info-disclosure(84724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3041",
"datePublished": "2013-10-01T00:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0598 (GCVE-0-2013-0598)
Vulnerability from cvelistv5 – Published: 2013-09-28 01:00 – Updated: 2024-08-06 14:33
Summary
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
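| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185 | vendor-advisory, x_refsource_AIXAPAR |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83611 | vdb-entry, x_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg21648665 | x_refsource_CONFIRM |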
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM88185",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"name": "clearquest-cve20130598-csrf(83611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM88185",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"name": "clearquest-cve20130598-csrf(83611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM88185",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"name": "clearquest-cve20130598-csrf(83611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0598",
"datePublished": "2013-09-28T01:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5757 (GCVE-0-2012-5757)
Vulnerability from cvelistv5 – Published: 2013-03-21 20:00 – Updated: 2024-08-06 21:14
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
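| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153 | vendor-advisory, x_refsource_AIXAPAR |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80061 | vdb-entry, x_refsource_XF |
| http://www.ibm.com/support/docview.wss?uid=swg21619993 | x_refsource_CONFIRM |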
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM77153",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"name": "rcq-reflected-xss(80061)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM77153",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"name": "rcq-reflected-xss(80061)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM77153",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"name": "rcq-reflected-xss(80061)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21619993",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5757",
"datePublished": "2013-03-21T20:00:00",
"dateReserved": "2012-11-02T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4839 (GCVE-0-2012-4839)
Vulnerability from cvelistv5 – Published: 2012-12-20 11:00 – Updated: 2024-08-06 20:50
Summary
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
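| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21620342 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1027889 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79068 | vdb-entry, x_refsource_XF |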
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"name": "1027889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027889"
},
{
"name": "rcq-iframes-xss(79068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"name": "1027889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027889"
},
{
"name": "rcq-iframes-xss(79068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"name": "1027889",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027889"
},
{
"name": "rcq-iframes-xss(79068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4839",
"datePublished": "2012-12-20T11:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5765 (GCVE-0-2012-5765)
Vulnerability from cvelistv5 – Published: 2012-12-20 11:00 – Updated: 2024-08-06 21:14
Summary
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
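| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21620048 | x_refsource_CONFIRM |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905 | vendor-advisory, x_refsource_AIXAPAR |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80211 | vdb-entry, x_refsource_XF |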
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"name": "PM72905",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"name": "rcq-sql-error-message(80211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"name": "PM72905",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"name": "rcq-sql-error-message(80211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"name": "PM72905",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"name": "rcq-sql-error-message(80211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5765",
"datePublished": "2012-12-20T11:00:00",
"dateReserved": "2012-11-02T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28796 (GCVE-0-2024-28796)
Vulnerability from nvd – Published: 2024-07-17 18:14 – Updated: 2024-08-02 00:56
Summary
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7160390 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 | vdb-entry |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | ClearQuest | Affected: 9.1, ≤ 9.1.0.6 (semver); `cpe:2.3:a:ibm:rational_clearquest:9.1:*:*:*:*:*:*:*` `cpe:2.3:a:ibm:rational_clearquest:9.1.0.6:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:18:51.348465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:33:18.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160390"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rational_clearquest:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rational_clearquest:9.1.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ClearQuest",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.1.0.6",
"status": "affected",
"version": "9.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833."
}
],
"value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T18:14:45.862Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160390"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28796",
"datePublished": "2024-07-17T18:14:45.862Z",
"dateReserved": "2024-03-10T12:23:33.662Z",
"dateUpdated": "2024-08-02T00:56:58.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2922 (GCVE-0-2016-2922)
Vulnerability from nvd – Published: 2018-08-13 16:00 – Updated: 2024-09-16 23:10
Summary
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
Severity ?
3.7 (Low)
CWE
- Obtain Information
Assigner
References
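| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10718377 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 | vdb-entry, x_refsource_XF |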
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational ClearQuest |
Affected:
8.0
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 8.0.1 Affected: 8.0.0.8 Affected: 8.0.1.1 Affected: 8.0.0.9 Affected: 8.0.0.10 Affected: 8.0.0.11 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 8.0.0.12 Affected: 8.0.1.5 Affected: 8.0.0.13 Affected: 8.0.1.6 Affected: 8.0.0.14 Affected: 8.0.1.7 Affected: 8.0.0.15 Affected: 8.0.1.8 Affected: 8.0.0.16 Affected: 8.0.1.9 Affected: 8.0.0.17 Affected: 8.0.1.10 Affected: 8.0.0.18 Affected: 8.0.1.11 Affected: 9.0 Affected: 9.0.0.1 Affected: 8.0.0.19 Affected: 8.0.1.12 Affected: 9.0.0.2 Affected: 8.0.0.20 Affected: 8.0.1.13 Affected: 9.0.0.3 Affected: 8.0.0.21 Affected: 8.0.1.14 Affected: 9.0.0.4 Affected: 9.0.1 Affected: 8.0.1.15 Affected: 9.0.0.5 Affected: 9.0.1.1 Affected: 8.0.1.16 Affected: 9.0.0.6 Affected: 9.0.1.2 Affected: 8.0.1.17 Affected: 9.0.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational ClearQuest",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.1.1"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "8.0.0.13"
},
{
"status": "affected",
"version": "8.0.1.6"
},
{
"status": "affected",
"version": "8.0.0.14"
},
{
"status": "affected",
"version": "8.0.1.7"
},
{
"status": "affected",
"version": "8.0.0.15"
},
{
"status": "affected",
"version": "8.0.1.8"
},
{
"status": "affected",
"version": "8.0.0.16"
},
{
"status": "affected",
"version": "8.0.1.9"
},
{
"status": "affected",
"version": "8.0.0.17"
},
{
"status": "affected",
"version": "8.0.1.10"
},
{
"status": "affected",
"version": "8.0.0.18"
},
{
"status": "affected",
"version": "8.0.1.11"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.19"
},
{
"status": "affected",
"version": "8.0.1.12"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.20"
},
{
"status": "affected",
"version": "8.0.1.13"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.21"
},
{
"status": "affected",
"version": "8.0.1.14"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "8.0.1.15"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.0.1.1"
},
{
"status": "affected",
"version": "8.0.1.16"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "9.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.17"
},
{
"status": "affected",
"version": "9.0.1.3"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2016-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational ClearQuest",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.1.1"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "8.0.0.13"
},
{
"version_value": "8.0.1.6"
},
{
"version_value": "8.0.0.14"
},
{
"version_value": "8.0.1.7"
},
{
"version_value": "8.0.0.15"
},
{
"version_value": "8.0.1.8"
},
{
"version_value": "8.0.0.16"
},
{
"version_value": "8.0.1.9"
},
{
"version_value": "8.0.0.17"
},
{
"version_value": "8.0.1.10"
},
{
"version_value": "8.0.0.18"
},
{
"version_value": "8.0.1.11"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.19"
},
{
"version_value": "8.0.1.12"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.20"
},
{
"version_value": "8.0.1.13"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.21"
},
{
"version_value": "8.0.1.14"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.15"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.0.1.1"
},
{
"version_value": "8.0.1.16"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "9.0.1.2"
},
{
"version_value": "8.0.1.17"
},
{
"version_value": "9.0.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10718377",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name": "ibm-clearquest-cve20162922-spoofing(113353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2922",
"datePublished": "2018-08-13T16:00:00Z",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-09-16T23:10:24.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0950 (GCVE-0-2014-0950)
Vulnerability from nvd – Published: 2018-04-20 21:00 – Updated: 2024-08-06 09:34
Summary
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"name": "ibm-clearquest-cve20140950-info-disc(92623)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"name": "ibm-clearquest-cve20140950-info-disc(92623)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164"
},
{
"name": "ibm-clearquest-cve20140950-info-disc(92623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0950",
"datePublished": "2018-04-20T21:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4996 (GCVE-0-2015-4996)
Vulnerability from nvd – Published: 2016-01-02 02:00 – Updated: 2024-08-06 06:32
Summary
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1034558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034558"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4996",
"datePublished": "2016-01-02T02:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8925 (GCVE-0-2014-8925)
Vulnerability from nvd – Published: 2015-03-25 01:00 – Updated: 2024-08-06 13:33
Summary
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T01:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-8925",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3041 (GCVE-0-2013-3041)
Vulnerability from nvd – Published: 2013-10-01 00:00 – Updated: 2024-08-06 16:00
Summary
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clearquest-cve20133041-info-disclosure(84724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "clearquest-cve20133041-info-disclosure(84724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clearquest-cve20133041-info-disclosure(84724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3041",
"datePublished": "2013-10-01T00:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0598 (GCVE-0-2013-0598)
Vulnerability from nvd – Published: 2013-09-28 01:00 – Updated: 2024-08-06 14:33
Summary
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM88185",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"name": "clearquest-cve20130598-csrf(83611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM88185",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"name": "clearquest-cve20130598-csrf(83611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM88185",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185"
},
{
"name": "clearquest-cve20130598-csrf(83611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0598",
"datePublished": "2013-09-28T01:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5757 (GCVE-0-2012-5757)
Vulnerability from nvd – Published: 2013-03-21 20:00 – Updated: 2024-08-06 21:14
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM77153",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"name": "rcq-reflected-xss(80061)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM77153",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"name": "rcq-reflected-xss(80061)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM77153",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
},
{
"name": "rcq-reflected-xss(80061)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21619993",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5757",
"datePublished": "2013-03-21T20:00:00",
"dateReserved": "2012-11-02T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4839 (GCVE-0-2012-4839)
Vulnerability from nvd – Published: 2012-12-20 11:00 – Updated: 2024-08-06 20:50
Summary
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"name": "1027889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027889"
},
{
"name": "rcq-iframes-xss(79068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"name": "1027889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027889"
},
{
"name": "rcq-iframes-xss(79068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"
},
{
"name": "1027889",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027889"
},
{
"name": "rcq-iframes-xss(79068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4839",
"datePublished": "2012-12-20T11:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5765 (GCVE-0-2012-5765)
Vulnerability from nvd – Published: 2012-12-20 11:00 – Updated: 2024-08-06 21:14
Summary
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"name": "PM72905",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"name": "rcq-sql-error-message(80211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"name": "PM72905",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"name": "rcq-sql-error-message(80211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048"
},
{
"name": "PM72905",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905"
},
{
"name": "rcq-sql-error-message(80211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5765",
"datePublished": "2012-12-20T11:00:00",
"dateReserved": "2012-11-02T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}