All the vulnerabilities related to ibm - rational_clearquest
Vulnerability from fkie_nvd
Published
2009-06-25 17:30
Modified
2024-11-21 01:04
Severity ?
Summary
The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.0.4 | |
ibm | rational_clearquest | 7.0.0.5 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 | |
ibm | rational_clearquest | 7.0.1.3 | |
ibm | rational_clearquest | 7.0.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "23E2844B-40BA-48F1-8E2E-C0534078D186", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password 
via unspecified vectors." }, { "lang": "es", "value": "El servidor CQWeb en IBM Rational ClearQuest 7.0.0 en versiones anteriores a la 7.0.0.6 y 7.0.1 en versiones anteriores a la 7.0.1.5 permite a atacantes descubrir el (1) nombre de usuario o (2) la contrase\u00f1a mediante vectores no especificados." } ], "id": "CVE-2009-2212", "lastModified": "2024-11-21T01:04:23.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-25T17:30:00.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35564" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022456" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-02 05:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"18CD36A3-8D15-439A-97E7-67D7293EB875", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.12:*:*:*:*:*:*:*", 
"matchCriteriaId": "73013249-31FF-41E5-BEB9-23856068644D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2A0DD7F6-3716-43FD-8C2F-EE14F7B54C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "7B9162F1-625B-41DB-984A-536E9AD9DD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E501CB80-071F-49D8-A644-25A484814E82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "82661974-6B4F-4A0E-9870-2DD9CB463D82", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:rational_clearquest:8.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "D9299680-854F-4986-B308-94A0038D3D06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D55365B6-7997-4D11-B21E-CF30659F0A47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "BED314FE-24CB-4C32-B174-EE9D77771256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "AF4E9664-66F6-43D5-8D23-0A0F872C52B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B0FFE056-CF92-4FC9-A4D7-B1EAFEB36E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9823C815-0526-4D11-A705-B00385608D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB3C801C-C068-4E73-8B16-D65B52BFB3D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB872E39-0DFA-4AF8-8AE0-312F169FABE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E7EB6365-1BB1-4269-8419-02D2177BEBC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3AADF149-66EB-4E83-8C4F-8B9AFB60987A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "76250E06-A2EF-4ADC-B493-3F4D4022F576", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "5672FE86-0EF2-4A3C-9189-D9E123CE8469", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "C220127B-18F8-4727-A7DD-9014A5485BC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors." }, { "lang": "es", "value": "IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-4996", "lastModified": "2024-11-21T02:32:08.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-02T05:59:02.817", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331" 
}, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1034558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034558" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-29 18:55
Modified
2024-11-21 01:25
Severity ?
Summary
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "63308FC2-AE4D-4D50-B969-6AB28A77E550", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B7253C-8C65-4741-ACEA-ACB48D64CA78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "25406D9C-7938-44A9-A396-D84653511721", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "89289CAB-2043-41C0-AF40-C450AB3CEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "186D9C7F-3E3E-477E-A20A-91E70264AF6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "908678FF-CB67-430A-A9E0-4F408FA00AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED125939-3657-45AC-8F41-F61B08B4A220", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "89778E9A-90E8-4467-A33B-5F2BB0762A55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FCCE7749-300A-452B-B428-9CF1DB000205", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E293794-7223-46EE-BA6A-EF0535566312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "45659CEA-A7C3-45EE-B0FF-A612BD701485", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2D149E05-BFCF-4C5A-9B9E-E1C5510E5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"1FBB3504-A37E-49D0-B668-00E57AC0B58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "F6CF9723-DCC6-47CE-BAC3-07E54CAD2382", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "EB83063B-B145-44F1-A331-B1534551F097", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "BD2E9160-FFF9-4FEF-A498-D9E52C1F1FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "04699004-9016-40F6-8BA3-46ED1048EF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AD6E9FBE-4D7A-4775-94AB-614653718710", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDAC2996-1ACC-423C-BEA5-D86652A748D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6F83672-CA00-4172-9ED5-41136A997E36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B940818-39A1-4D85-A74E-4B409519A397", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F67F177E-8B10-4D96-A337-5E207D77CCF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "838C21C7-9FBE-4119-968D-8091A7002FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB22A0A9-80FE-4009-8003-F6FAFD677EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "53CA02F1-8279-4061-8130-BB944CAA0386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B1AD4D68-A16D-4938-B791-C89693836DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "697342E1-79DB-44AE-BAF9-C90D48F20720", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE3C539B-B353-4A62-AD9D-F6E2D5ED0F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "56358994-690C-404F-9931-F6240CF869D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "977C5C80-A289-4AFE-B910-2D17E1761711", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "741C008D-917B-44BB-AB20-6A662668B526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "23E2844B-40BA-48F1-8E2E-C0534078D186", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0F5CA588-A2F2-46AA-9C76-E9B51BF2B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "97B82694-8D27-485E-8B02-A93146AADA0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6843D8A9-4884-49C0-B663-E400F8060D6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F3F558D1-A530-4778-A061-CA68DB2AA86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B3D0F17-A127-4514-85C4-266F371592DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "125F8B61-FD9F-411D-9555-FCC75BB98E48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "4842BC01-2573-4143-9C98-CB54FFEEBF95", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E493C7B-F6F5-4F00-8AFC-8DA9AE21CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A36449BB-861A-47F7-94BF-58CEED569FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49FB892E-4795-4488-8198-DC7F9EEFDB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A6F6382-5DA8-43E6-BB41-9BFD465EC443", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E86218F-3AA1-4287-B71E-0A0DFD46B8C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0EA8EF0-1288-4AC6-81BF-0FA63FBD5C70", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "888C7414-FF22-4102-94CD-EE695967107A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5D6B321-7AD3-4B70-B853-80764815985D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3685261-5566-463C-BABF-DC68A2A6529D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AACE52B-8712-4D41-94B6-16C4B7B79B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ABDC099-EEB7-4ED2-B381-2A7D4674ED50", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C8D8B01-BABC-4294-89DB-11A65B2F31F3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:rational_common_licensing:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3153FA5A-6A8E-40EC-9F55-15F570613C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_common_licensing:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C48E34C-865D-4C82-A4C5-6F18A0A1044C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en objetos COM no especificados de Rational Common Licensing v7.0 hasta v7.1.1.4 en IBM Rational ClearCase v7.0.0.4 hasta v7.1.1.4, ClearQuest v7.0.0.4 hasta v7.1.1.4 y otros productos, permite a usuarios locales ganar privilegios a trav\u00e9s de un documento HTML caballo de troya en la zona de Mi PC" } ], "id": "CVE-2011-1205", "lastModified": "2024-11-21T01:25:47.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-03-29T18:55:02.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21470998" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1025268" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1025269" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0832" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21470998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-15 23:17
Modified
2024-11-21 00:35
Severity ?
Summary
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en /main en IBM Rational ClearQuest (CQ) Web versiones 7.0.0.0.0-IFIX02 y 7.0.0.0.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro username en un comando GenerateMainFrame." } ], "id": "CVE-2007-4368", "lastModified": "2024-11-21T00:35:25.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-15T23:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://osvdb.org/36478" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3012" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/476475/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/25324" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id?1018569" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36012" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://osvdb.org/36478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/476475/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id?1018569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4286" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity ?
Summary
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 | |
ibm | rational_clearquest | 7.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree." 
}, { "lang": "es", "value": "La herramienta ClearQuest Maintenance en IBM Rational ClearQuest v7 anterior a la v7.1 almacena la contrase\u00f1a de la base de datos en texto claro en un objeto en un perfil de conexi\u00f3n de ClearQuest o un fichero de exportaci\u00f3n, que permitir\u00eda a usuarios remotos autenticados obtener informaci\u00f3n sensible localizando el objeto contrase\u00f1a en el \u00e1rbol de objetos." } ], "id": "CVE-2008-5327", "lastModified": "2024-11-21T00:53:50.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-05T00:30:00.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-05-14 22:55
Modified
2024-11-21 01:26
Severity ?
Summary
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 8.0 | |
ibm | rational_clearquest | 8.0.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en la herramienta de mantenimiento de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.9, v7.1.2.x anterior a v7.1.2.6 y v8.x anterior a v8.0.0.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante el aprovechamiento de un error en la funci\u00f3n de actualizaci\u00f3n de la base de datos de usuario." 
} ], "id": "CVE-2011-1390", "lastModified": "2024-11-21T01:26:12.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-05-14T22:55:01.353", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/81815" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49093" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53483" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1027060" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 2007 | |
ibm | rational_clearquest | 2008 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:2007:*:*:*:*:*:*:*", "matchCriteriaId": "A04B4977-F5C0-4438-BBB2-541A3221082D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:2008:*:*:*:*:*:*:*", "matchCriteriaId": "900B37B1-944F-4B18-97AD-E4696F6E4F1D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de ejecuci\u00f3n de comandos en sitios cruzados en CQ Web en IBM Rational ClearQuest v2007 anteriores a v2007D y v2008 anteriores a v2008B permitir\u00eda a atacantes remotos inyectar secuencias de c\u00f3digo web o HTML a trav\u00e9s de vectores no espec\u00edficos." 
} ], "id": "CVE-2008-5324", "lastModified": "2024-11-21T00:53:49.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-05T00:30:00.300", "references": [ { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity ?
Summary
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.0.4 | |
ibm | rational_clearquest | 7.0.0.5 | |
ibm | rational_clearquest | 7.0.0.6 | |
ibm | rational_clearquest | 7.0.0.7 | |
ibm | rational_clearquest | 7.0.0.8 | |
ibm | rational_clearquest | 7.0.0.9 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.0 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 | |
ibm | rational_clearquest | 7.0.1.3 | |
ibm | rational_clearquest | 7.0.1.4 | |
ibm | rational_clearquest | 7.0.1.5 | |
ibm | rational_clearquest | 7.0.1.6 | |
ibm | rational_clearquest | 7.0.1.7 | |
ibm | rational_clearquest | 7.0.1.8 | |
ibm | rational_clearquest | 7.0.1.9 | |
ibm | rational_clearquest | 7.0.1.10 | |
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "697342E1-79DB-44AE-BAF9-C90D48F20720", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE3C539B-B353-4A62-AD9D-F6E2D5ED0F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "56358994-690C-404F-9931-F6240CF869D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "977C5C80-A289-4AFE-B910-2D17E1761711", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"741C008D-917B-44BB-AB20-6A662668B526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "23E2844B-40BA-48F1-8E2E-C0534078D186", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F5CA588-A2F2-46AA-9C76-E9B51BF2B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "97B82694-8D27-485E-8B02-A93146AADA0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6843D8A9-4884-49C0-B663-E400F8060D6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F3F558D1-A530-4778-A061-CA68DB2AA86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B3D0F17-A127-4514-85C4-266F371592DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "125F8B61-FD9F-411D-9555-FCC75BB98E48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference." }, { "lang": "es", "value": "IBM Rational ClearQuest 7.0.x anteriores a v7.0.1.11, v7.1.1.x anteriores a v7.1.1.4, y v7.1.2.x anteriores a v7.1.2.1 no previene la modificaci\u00f3n de campos referencia hacia atr\u00e1s, lo que permite a usuarios remotos autenticados interferir con las relaciones de registros establecidas, y posiblemente causar una denegaci\u00f3n de servicio (bucle) u otro tipo de impacto no especificado, a trav\u00e9s de (1) la inclusi\u00f3n o (2) la eliminaci\u00f3n de una referencia hacia atr\u00e1s." 
} ], "id": "CVE-2010-4603", "lastModified": "2024-11-21T01:21:19.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-29T18:00:03.667", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45648" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-26 20:17
Modified
2024-11-21 00:37
Severity ?
Summary
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 5.00 | |
ibm | rational_clearquest | 5.20 | |
ibm | rational_clearquest | 6.00 | |
ibm | rational_clearquest | 6.12 | |
ibm | rational_clearquest | 6.13 | |
ibm | rational_clearquest | 6.14 | |
ibm | rational_clearquest | 6.15 | |
ibm | rational_clearquest | 6.16 | |
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | db2 | - | |
microsoft | sql_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "49CA0764-1ACB-4173-8396-36DD513CD538", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "66343779-B8F9-4338-B949-3838AC7471B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "8A02B2A2-7D88-47AB-95C8-E38A0C174A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C470CD7-AD2F-450A-BDD2-97328BCD3375", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B751150-4AA5-4D2A-992D-5183402F5B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F41B74B7-3941-4B02-A2E5-43A506A593E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "741D5574-B635-46F5-BAC5-5427E0B305CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C11BD51-B4FB-4717-B614-EC2785C20493", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C94CDDFF-420F-4C9B-A668-A79FAF73AC84", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"1B65554F-BD5C-4EDE-8E16-4C57078592D9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el IBM Rational ClearQuest (CQ), cuando se utilizan las bases de datos Microsoft SQL Server o IBM DB2, permite a atacantes remotos corromper los datos a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2007-5090", "lastModified": "2024-11-21T00:37:06.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-26T20:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40598" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/26899" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25810" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1018735" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": 
"http://www.vupen.com/english/advisories/2007/3264" }, { "source": "cve@mitre.org", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/26899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1018735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2024-11-21 01:38
Severity ?
Summary
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 8.0.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter." }, { "lang": "es", "value": "IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3 permite a los usuarios remotos autenticados obtener informaci\u00f3n sensible de la traza de pila a partir de los mensajes de error del servidor CM a trav\u00e9s de un par\u00e1metro no v\u00e1lido." 
} ], "id": "CVE-2012-2168", "lastModified": "2024-11-21T01:38:38.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-17T20:55:04.307", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606319" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75048" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-30 18:30
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "41CF33DA-7520-4321-99D9-0F07F898A606", "versionEndIncluding": "7.1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "49CA0764-1ACB-4173-8396-36DD513CD538", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "66343779-B8F9-4338-B949-3838AC7471B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "8A02B2A2-7D88-47AB-95C8-E38A0C174A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A5E8200-BB7C-48DE-B946-27535E6F5D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C470CD7-AD2F-450A-BDD2-97328BCD3375", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B751150-4AA5-4D2A-992D-5183402F5B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F41B74B7-3941-4B02-A2E5-43A506A593E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "741D5574-B635-46F5-BAC5-5427E0B305CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C11BD51-B4FB-4717-B614-EC2785C20493", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "697342E1-79DB-44AE-BAF9-C90D48F20720", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE3C539B-B353-4A62-AD9D-F6E2D5ED0F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "56358994-690C-404F-9931-F6240CF869D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "977C5C80-A289-4AFE-B910-2D17E1761711", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "741C008D-917B-44BB-AB20-6A662668B526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "23E2844B-40BA-48F1-8E2E-C0534078D186", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F5CA588-A2F2-46AA-9C76-E9B51BF2B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "97B82694-8D27-485E-8B02-A93146AADA0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6843D8A9-4884-49C0-B663-E400F8060D6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F3F558D1-A530-4778-A061-CA68DB2AA86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B3D0F17-A127-4514-85C4-266F371592DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:2007:*:*:*:*:*:*:*", "matchCriteriaId": "A04B4977-F5C0-4438-BBB2-541A3221082D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:2008:*:*:*:*:*:*:*", "matchCriteriaId": "900B37B1-944F-4B18-97AD-E4696F6E4F1D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no espec\u00edficas en IBM Rational ClearQuest anterior al v7.1.1.02 tienen un impacto desconocido y vectores de ataque como lo demuestra un informe de AppScan" } ], "id": "CVE-2010-2517", "lastModified": "2024-11-21T01:16:49.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-06-30T18:30:01.880", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40341" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/41205" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/41205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1615" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ 
{ "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-20 12:02
Modified
2024-11-21 01:43
Severity ?
Summary
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 7.1.2.7 | |
ibm | rational_clearquest | 7.1.2.8 | |
ibm | rational_clearquest | 8.0.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 | |
ibm | rational_clearquest | 8.0.0.3 | |
ibm | rational_clearquest | 8.0.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element." }, { "lang": "es", "value": "La interfaz OSLC en el cliente Web (tambi\u00e9n conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.x antes de v8.0.0.5 permite a atacantes remotos para realizar ataques de phishing a trav\u00e9s de un elemento FRAME." } ], "id": "CVE-2012-4839", "lastModified": "2024-11-21T01:43:35.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-12-20T12:02:17.887", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id?1027889" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21620342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-28 03:40
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 7.1.2.7 | |
ibm | rational_clearquest | 7.1.2.8 | |
ibm | rational_clearquest | 7.1.2.9 | |
ibm | rational_clearquest | 7.1.2.10 | |
ibm | rational_clearquest | 7.1.2.11 | |
ibm | rational_clearquest | 8.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 | |
ibm | rational_clearquest | 8.0.0.3 | |
ibm | rational_clearquest | 8.0.0.4 | |
ibm | rational_clearquest | 8.0.0.5 | |
ibm | rational_clearquest | 8.0.0.6 | |
ibm | rational_clearquest | 8.0.0.7 | |
ibm | rational_clearquest | 8.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users." }, { "lang": "es", "value": "Vulnerabilidad CSRF en el cliente Web en IBM Rational ClearQuest v7.1 anterior a v7.1.2.12, v8.0 anterior a v8.0.0.8 y v8.0.1 anterior a v8.0.1.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios." 
} ], "id": "CVE-2013-0598", "lastModified": "2024-11-21T01:47:49.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-09-28T03:40:55.387", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2024-11-21 01:35
Severity ?
Summary
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 8.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 | |
ibm | rational_clearquest | 8.0.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script." 
}, { "lang": "es", "value": "IBM Rational ClearQuest v7.1.x a v7.1.2.7 y v8.x a v8.0.0.3 permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible a trav\u00e9s de una solicitud a los scripts de ejemplo (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, o (12) cqweb/j_security_check." } ], "id": "CVE-2012-0744", "lastModified": "2024-11-21T01:35:38.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-17T20:55:01.700", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21599361" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606317" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21599361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg21606317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2024-11-21 01:38
Severity
LOW: CVSS v2.0 base score 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en las funciones de subir archivos (file-upload) en el cliente Web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de descripci\u00f3n del archivo (File Description)." 
} ], "id": "CVE-2012-2169", "lastModified": "2024-11-21T01:38:38.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-17T20:55:04.370", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21607783" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21607783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity
MEDIUM: CVSS v2.0 base score 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Summary
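The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
Note: the product list below also names 7.0.x releases (7.0.0.0 to 7.0.0.2 and 7.0.1 to 7.0.1.2), which is wider than the "before 7" wording; confirm the fixed release in the vendor advisory before treating a 7.0.x installation as unaffected.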
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "96E77C5E-E70E-4468-8206-4B74150BC4E0", "versionEndIncluding": "7.0.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process." 
}, { "lang": "es", "value": "La herramienta ClearQuest Maintenance en IBM Rational ClearQuest anterior a la v7 almacena la contrase\u00f1a de la base de datos en texto claro en un objeto en un perfil de conexi\u00f3n de ClearQuest o un fichero de exportaci\u00f3n, que permitir\u00eda a usuarios remotos autenticados obtener informaci\u00f3n sensible localizando el objeto contrase\u00f1a en el \u00e1rbol de objetos durante un proceso de importaci\u00f3n." } ], "id": "CVE-2008-5328", "lastModified": "2024-11-21T00:53:50.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-05T00:30:00.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity
MEDIUM: CVSS v2.0 base score 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Summary
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows | * | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks." 
}, { "lang": "es", "value": "La herramienta ClearQuest Maintenance en IBM Rational ClearQuest v7.0.0 anterior a la v7.0.0.4 v7.0.1 anterior a la v7.0.1.3 en Windows permitir\u00eda a usuarios locales obtener (1) usuario y (2) contrase\u00f1as de la base de datos mediante una utilidad de revelaci\u00f3n de contrase\u00f1a en un campo que contiene una serie de asteriscos." } ], "id": "CVE-2008-5326", "lastModified": "2024-11-21T00:53:50.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-05T00:30:00.347", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32577" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/46994" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-22 18:55
Modified
2024-11-21 01:35
Severity
HIGH: CVSS v2.0 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
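Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Note: the product list below includes 7.1.2.6, the release this summary gives as fixed for the 7.1.2 line; confirm against the vendor advisory when matching installed versions.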
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1 | |
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 8.0.0 | |
ibm | rational_clearquest | 8.0.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": 
"OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en memoria din\u00e1mica en el API Ole en el control ActiveX CQOleen cqole.dll en IBM Rational ClearQuest v7.1.1 antes de v7.1.1.9, v7.1.2 antes de v7.1.2.6, y v8.0.0 antes de v8.0.0.2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una p\u00e1gina modificada que aprovecha un desajuste de la funci\u00f3n-prototipo RegisterSchemaRepoFromFileByDbSet." 
} ], "id": "CVE-2012-0708", "lastModified": "2024-11-21T01:35:35.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-22T18:55:03.750", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/81443" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48933" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21591705" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/53170" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id?1026958" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21591705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73492" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-21 20:55
Modified
2024-11-21 01:45
Severity
MEDIUM: CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 7.1.2.7 | |
ibm | rational_clearquest | 7.1.2.8 | |
ibm | rational_clearquest | 7.1.2.9 | |
ibm | rational_clearquest | 8.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 | |
ibm | rational_clearquest | 8.0.0.3 | |
ibm | rational_clearquest | 8.0.0.4 | |
ibm | rational_clearquest | 8.0.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM 
Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Ejecuci\u00f3n de secuiencias de comandos en sitios cruzados (XSS) en el cliente web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.10 y v8.x antes de v8.0.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL maliciosa." } ], "id": "CVE-2012-5757", "lastModified": "2024-11-21T01:45:10.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-03-21T20:55:00.907", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21619993" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21619993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity
MEDIUM: CVSS v2.0 base score 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dojofoundation | dojo_toolkit | * | |
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dojofoundation:dojo_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F48559B5-A54E-4ABC-98AC-D4C62F92F8F8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an \"open direct\" issue." 
}, { "lang": "es", "value": "Dojo Toolkit, como el usado en en el cliente Web de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anteriores a v7.1.2.1, permite a atacantes remotos leer las cookies navegando hasta el archivo Dojo, relacionado con el problema \"Open direct\"" } ], "id": "CVE-2010-4600", "lastModified": "2024-11-21T01:21:19.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-29T18:00:03.540", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42624" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-08 19:41
Modified
2024-11-21 00:49
Severity ?
Summary
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of <script> and </script> sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability." }, { "lang": "es", "value": "La p\u00e1gina de login de CQWeb en IBM Rational ClearQuest 7.0.1 permite a atacantes remotos obtener informaci\u00f3n sensible (p\u00e1gina de c\u00f3digo fuente) a trav\u00e9s de una combinaci\u00f3n de secuencias de ?script? y ?/script? en el campo id, posiblemente relacionado con una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)." } ], "id": "CVE-2008-3550", "lastModified": "2024-11-21T00:49:31.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-08-08T19:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020642" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2317" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44254" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-20 12:02
Modified
2024-11-21 01:45
Severity ?
Summary
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 7.1.2.7 | |
ibm | rational_clearquest | 7.1.2.8 | |
ibm | rational_clearquest | 8.0.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 | |
ibm | rational_clearquest | 8.0.0.3 | |
ibm | rational_clearquest | 8.0.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message." }, { "lang": "es", "value": "El Cliente Web (tambi\u00e9n conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.5 antes de v8.0.0.x permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados que desencadenan un mensaje de error de SQL." } ], "id": "CVE-2012-5765", "lastModified": "2024-11-21T01:45:11.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-20T12:02:19.887", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/80211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-20 22:03
Modified
2024-11-21 00:00
Severity ?
Summary
Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 5.00 | |
ibm | rational_clearquest | 5.20 | |
ibm | rational_clearquest | 6.00 | |
ibm | rational_clearquest | 6.10 | |
ibm | rational_clearquest | 6.12 | |
ibm | rational_clearquest | 6.13 | |
ibm | rational_clearquest | 6.14 | |
ibm | rational_clearquest | 6.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "49CA0764-1ACB-4173-8396-36DD513CD538", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "66343779-B8F9-4338-B949-3838AC7471B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "8A02B2A2-7D88-47AB-95C8-E38A0C174A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A5E8200-BB7C-48DE-B946-27535E6F5D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C470CD7-AD2F-450A-BDD2-97328BCD3375", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B751150-4AA5-4D2A-992D-5183402F5B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F41B74B7-3941-4B02-A2E5-43A506A593E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "741D5574-B635-46F5-BAC5-5427E0B305CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS)." 
} ], "id": "CVE-2005-2994", "lastModified": "2024-11-21T00:00:53.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-20T22:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/16717" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21216901\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/16717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21216901\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-20 21:29
Modified
2024-11-21 02:03
Severity ?
Summary
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21675164 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21675164 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3933A6A-CFD4-41B9-BF65-8100C0C93DE5", "versionEndIncluding": "7.1.1.9", "versionStartIncluding": "7.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A5FCFE9-E734-4B5E-BA7F-0934AA080FC8", "versionEndIncluding": "7.1.2.13", "versionStartIncluding": "7.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "A49E5999-38E4-4C4F-BF76-E284E1D97D53", "versionEndIncluding": "8.0.0.10", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "3792D419-1791-46AA-BB3E-E432D470CB2D", "versionEndIncluding": "8.0.1.3", "versionStartIncluding": "8.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XEE (XML External Entity) en (1) CQWeb / CM Server, (2) el cliente ClearQuest Native, (3) el cliente ClearQuest Eclipse y (4) los componentes ClearQuest Eclipse Designer en IBM Rational ClearCase 7.1.1 hasta 7.1.1.9, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92623." 
} ], "id": "CVE-2014-0950", "lastModified": "2024-11-21T02:03:05.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-20T21:29:00.503", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2024-11-21 01:09
Severity ?
Summary
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearcase | * | |
ibm | rational_clearcase | 7.0.0.1 | |
ibm | rational_clearcase | 7.0.0.2 | |
ibm | rational_clearcase | 7.0.0.4 | |
ibm | rational_clearcase | 7.0.1.1 | |
ibm | rational_clearcase | 7.0.1.3 | |
ibm | rational_clearquest | 5.00 | |
ibm | rational_clearquest | 5.20 | |
ibm | rational_clearquest | 6.00 | |
ibm | rational_clearquest | 6.10 | |
ibm | rational_clearquest | 6.12 | |
ibm | rational_clearquest | 6.13 | |
ibm | rational_clearquest | 6.14 | |
ibm | rational_clearquest | 6.15 | |
ibm | rational_clearquest | 6.16 | |
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.0 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.3 | |
ibm | rational_clearquest | 7.0.2 | |
ibm | rational_clearquest | 2007 | |
ibm | rational_clearquest | 2008 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3717DBA-FF31-4542-BE04-FD2B89447B6B", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D00DF56-BFB1-4B91-95A4-0A2F33074AE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58FCE9A7-B9C0-470D-A71D-2A94F826A907", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "63308FC2-AE4D-4D50-B969-6AB28A77E550", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "89778E9A-90E8-4467-A33B-5F2BB0762A55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E293794-7223-46EE-BA6A-EF0535566312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "49CA0764-1ACB-4173-8396-36DD513CD538", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "66343779-B8F9-4338-B949-3838AC7471B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "8A02B2A2-7D88-47AB-95C8-E38A0C174A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A5E8200-BB7C-48DE-B946-27535E6F5D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C470CD7-AD2F-450A-BDD2-97328BCD3375", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B751150-4AA5-4D2A-992D-5183402F5B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*", "matchCriteriaId": 
"F41B74B7-3941-4B02-A2E5-43A506A593E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "741D5574-B635-46F5-BAC5-5427E0B305CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C11BD51-B4FB-4717-B614-EC2785C20493", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "741C008D-917B-44BB-AB20-6A662668B526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:2007:*:*:*:*:*:*:*", "matchCriteriaId": "A04B4977-F5C0-4438-BBB2-541A3221082D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:2008:*:*:*:*:*:*:*", "matchCriteriaId": "900B37B1-944F-4B18-97AD-E4696F6E4F1D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow 
attackers to discover the passwords for user accounts via unspecified vectors." }, { "lang": "es", "value": "La interfaz web (tambi\u00e9n conocida como CQWeb) de IBM Rational ClearQuest antes de v7.1.1 no gestiona adecuadamente el uso de URLs antiguas de conexi\u00f3n autom\u00e1tica, lo que podr\u00eda \r\npermitir descubrir las contrase\u00f1as de cuentas de usuario los atacantes remotos mediante vectores no especificados." } ], "id": "CVE-2009-4357", "lastModified": "2024-11-21T01:09:26.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-18T19:30:00.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37811" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023370" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37385" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3580" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 00:55
Modified
2024-11-21 01:52
Severity ?
Summary
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"18CD36A3-8D15-439A-97E7-67D7293EB875", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\"" }, { "lang": "es", "value": "El Cliente Web en IBM Rational ClearQuest 7.1 anteriores a 7.1.2.12, 8.0 anteriores a 8.0.0.8, y 8.01 anteriores a 8.0.1.1 permite a atacantes remotos obtener informaci\u00f3n sensible del flujo de datos cliente-servidor a trav\u00e9s de vectores no especificados asociados con un \"ataque de secuestro 
JSON\"." } ], "id": "CVE-2013-3041", "lastModified": "2024-11-21T01:52:52.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-01T00:55:12.880", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity
4.3 (Medium) - CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/32847 | Third Party Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316 | Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/50369 | Broken Link | |
cve@mitre.org | http://www.securityfocus.com/bid/32576 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32847 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/50369 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32576 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "F596BC60-3103-466E-9155-9B5CACDA0BDC", "versionEndExcluding": "7.0.0.4", "versionStartIncluding": "7.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "298DDF59-1348-4FEC-803A-4E36ACE453F6", "versionEndExcluding": "7.0.1.3", "versionStartIncluding": "7.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de ejecuci\u00f3n de comandos en sitios cruzados en CQ Web en IBM Rational ClearQuest v7.0.0 anterior a la v7.0.0.4 y 7.0.1 anterior a la v7.0.1.3 permitir\u00eda a atacantes remotos inyectar secuencias de comandos web o HTML a su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos." 
} ], "id": "CVE-2008-5325", "lastModified": "2024-11-21T00:53:50.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-05T00:30:00.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/50369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/32576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/50369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/32576" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity
4.0 (Medium) - CVSS v2: AV:N/AC:L/Au:S/C:P/I:N/A:N
Summary
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass \"restricted user\" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark." }, { "lang": "es", "value": "El cliente web en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a usuarios autenticados remotamente evitar las limitaciones de usuario y leer registros de su elecci\u00f3n, a trav\u00e9s de un n\u00famero de registro modificado en la URL de una acci\u00f3n RECORD, como se ha demostrado modificando bookmark." 
} ], "id": "CVE-2010-4602", "lastModified": "2024-11-21T01:21:19.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-29T18:00:03.633", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45646" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64440" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-16 21:19
Modified
2024-11-21 00:28
Severity
4.3 (Medium) - CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el IBM Rational ClearQuest (CQ) Web 7.0.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un adjunto en la entrada de log por defecto." } ], "id": "CVE-2007-1468", "lastModified": "2024-11-21T00:28:23.153", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-16T21:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/34346" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24523" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2442" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462919/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22981" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1017786" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1036" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462919/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33001" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2024-11-21 01:38
Severity
3.5 (Low) - CVSS v2: AV:N/AC:M/Au:S/C:P/I:N/A:N
Summary
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 8.0.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query." }, { "lang": "es", "value": "IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3, cuando la autenticaci\u00f3n ClearQuest est\u00e1 activada, permite leer los hashes de contrase\u00f1as a usuarios remotos autenticados a trav\u00e9s de una consulta de usuario." 
} ], "id": "CVE-2012-2165", "lastModified": "2024-11-21T01:38:37.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-17T20:55:04.260", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606385" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75040" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity
7.5 (High) - CVSS v2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "96E77C5E-E70E-4468-8206-4B74150BC4E0", "versionEndIncluding": "7.0.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client\u0027s submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file." }, { "lang": "es", "value": "ClearQuest Web en IBM Rational ClearQuest MultiSite anteriores a la v7.1 permitir\u00eda a atacantes remotos dirigir env\u00edos del cliente y cambios a una base de datos de su elecci\u00f3n especificando unos identificadores de servidor separados por m\u00faltiples comas en la linea JTLRMIREGISTRYSERVERS del fichero jtl.properties." 
} ], "id": "CVE-2008-5329", "lastModified": "2024-11-21T00:53:50.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-05T00:30:00.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46993" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2024-11-21 01:38
Severity
3.5 (Low) - CVSS v2: AV:N/AC:M/Au:S/C:N/I:P/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 8.0.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3 permite inyectar secuencias de comandos web o HTML a los usuarios remotos autenticados a trav\u00e9s de una consulta de espacio de trabajo." 
} ], "id": "CVE-2012-2205", "lastModified": "2024-11-21T01:38:42.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-17T20:55:04.450", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21605838" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21605838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-17 19:15
Modified
2024-11-21 09:06
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160390 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160390 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "B74BDBA2-AE21-4EB3-A836-336941D650B4", "versionEndExcluding": "9.1.0.7", "versionStartIncluding": "9.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833." }, { "lang": "es", "value": "IBM ClearQuest (CQ) 9.1 a 9.1.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 286833." 
} ], "id": "CVE-2024-28796", "lastModified": "2024-11-21T09:06:56.600", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-17T19:15:10.937", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7160390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7160390" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.0.4 | |
ibm | rational_clearquest | 7.0.0.5 | |
ibm | rational_clearquest | 7.0.0.6 | |
ibm | rational_clearquest | 7.0.0.7 | |
ibm | rational_clearquest | 7.0.0.8 | |
ibm | rational_clearquest | 7.0.0.9 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.0 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 | |
ibm | rational_clearquest | 7.0.1.3 | |
ibm | rational_clearquest | 7.0.1.4 | |
ibm | rational_clearquest | 7.0.1.5 | |
ibm | rational_clearquest | 7.0.1.6 | |
ibm | rational_clearquest | 7.0.1.7 | |
ibm | rational_clearquest | 7.0.1.8 | |
ibm | rational_clearquest | 7.0.1.9 | |
ibm | rational_clearquest | 7.0.1.10 | |
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "697342E1-79DB-44AE-BAF9-C90D48F20720", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE3C539B-B353-4A62-AD9D-F6E2D5ED0F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "56358994-690C-404F-9931-F6240CF869D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "977C5C80-A289-4AFE-B910-2D17E1761711", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"741C008D-917B-44BB-AB20-6A662668B526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "23E2844B-40BA-48F1-8E2E-C0534078D186", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F5CA588-A2F2-46AA-9C76-E9B51BF2B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "97B82694-8D27-485E-8B02-A93146AADA0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6843D8A9-4884-49C0-B663-E400F8060D6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F3F558D1-A530-4778-A061-CA68DB2AA86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B3D0F17-A127-4514-85C4-266F371592DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "125F8B61-FD9F-411D-9555-FCC75BB98E48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a atacantes tener un impacto no especificado a trav\u00e9s de vectores sin especificar relacionados con archivos .ocx de terceros." } ], "id": "CVE-2010-4601", "lastModified": "2024-11-21T01:21:19.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-29T18:00:03.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42624" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-11 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames." }, { "lang": "es", "value": "IBM Rational ClearQuest versiones 7.0.1.1 y 7.0.0.2, genera diferentes mensajes de error dependiendo de si el nombre de usuario es v\u00e1lido o no v\u00e1lido, lo que permite a los atacantes remotos enumerar los nombres de usuario." } ], "id": "CVE-2008-1287", "lastModified": "2024-11-21T00:44:10.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-03-11T17:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/29280" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28132" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1019566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0804/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/29280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0804/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41042" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-11 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies." }, { "lang": "es", "value": "IBM Rational ClearQuest 7.0.1.1 y 7.0.0.2 podr\u00edan permitir a atacantes locales o remotos obtener informaci\u00f3n sensible sobre usuarios mediante la lectura de las cookies de los usuarios." } ], "id": "CVE-2008-1288", "lastModified": "2024-11-21T00:44:10.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-03-11T17:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29280" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55753" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28133" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019567" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2008/0804/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0804/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41043" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2024-11-21 00:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF2B2BA7-86BA-45E5-B6D2-D279D6A3C873", "versionEndIncluding": "2003-06-16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz web para IBM Rational ClearQuest versiones anteriores a 2003.06.16 Parche 2008A, 7.0.0.2_iFix01 y 7.0.1.1_iFix01, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) contextid , (2) username, (3) userNameVal y (4) schema en el componente login." 
} ], "id": "CVE-2007-4592", "lastModified": "2024-11-21T00:35:58.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-20T00:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29467" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3753" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28296" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019685" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0952/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019685" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0952/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:53
Severity ?
Summary
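Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page. Note: this description names IBM Rational ClearCase, whereas the impacted-products table and CPE entries of this record list rational_clearquest; confirm the affected product against the vendor advisory before scoping or prioritising remediation.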
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de ejecuci\u00f3n de comandos en sitios cruzados en la interfaz web de ClearCase RWP server en IBM Rational ClearCase v7.0.0 anterior a la v7.0.0.4, y v7.0.1.1-RATL-RCC-IFIX02 y posiblemente v7.0.1 anteriores a v7.0.1.3, permitiria a atacantes remotos inyectar secuencias de comandos web o HTML a traves de PATH_INFO de un URI asociado con una pagina VOB." } ], "id": "CVE-2008-5330", "lastModified": "2024-11-21T00:53:50.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-05T00:30:00.423", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32957" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021295" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32574" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3330" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46983" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2024-11-21 01:38
Severity ?
Summary
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.1.1.1 | |
ibm | rational_clearquest | 7.1.1.2 | |
ibm | rational_clearquest | 7.1.1.3 | |
ibm | rational_clearquest | 7.1.1.4 | |
ibm | rational_clearquest | 7.1.1.5 | |
ibm | rational_clearquest | 7.1.1.6 | |
ibm | rational_clearquest | 7.1.1.7 | |
ibm | rational_clearquest | 7.1.1.8 | |
ibm | rational_clearquest | 7.1.2 | |
ibm | rational_clearquest | 7.1.2.1 | |
ibm | rational_clearquest | 7.1.2.2 | |
ibm | rational_clearquest | 7.1.2.3 | |
ibm | rational_clearquest | 7.1.2.4 | |
ibm | rational_clearquest | 7.1.2.5 | |
ibm | rational_clearquest | 7.1.2.6 | |
ibm | rational_clearquest | 8.0 | |
ibm | rational_clearquest | 8.0.0.1 | |
ibm | rational_clearquest | 8.0.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack." }, { "lang": "es", "value": "El cliente Web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y 8.x antes de v8.0.0.3 permite pasar por alto las restricciones de acceso a los usuarios remotos autenticados, y usar el men\u00fa Administraci\u00f3n de sitios para modificar la configuraci\u00f3n del sistema a trav\u00e9s de un ataque de manipulaci\u00f3n de par\u00e1metros." 
} ], "id": "CVE-2012-2164", "lastModified": "2024-11-21T01:38:37.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-17T20:55:04.213", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606318" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75039" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-25 17:30
Modified
2024-11-21 01:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.0.2 | |
ibm | rational_clearquest | 7.0.0.3 | |
ibm | rational_clearquest | 7.0.0.4 | |
ibm | rational_clearquest | 7.0.0.5 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | rational_clearquest | 7.0.1.0 | |
ibm | rational_clearquest | 7.0.1.1 | |
ibm | rational_clearquest | 7.0.1.2 | |
ibm | rational_clearquest | 7.0.1.3 | |
ibm | rational_clearquest | 7.0.1.4 | |
ibm | rational_clearquest | 7.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E60F687F-99A1-43C2-90F8-6F56265A2E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CE6CA8-1504-46FA-8A36-FFDBD1BBE5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "677DFFEC-D128-4F26-994E-02BBDC2CFA67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE76312-2E8E-4559-ACBB-9089B64C6E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "741C008D-917B-44BB-AB20-6A662668B526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4525242E-6B9A-4F6F-B506-93C92958CA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B52763-5940-4249-BEB4-C14C008DA48E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"23E2844B-40BA-48F1-8E2E-C0534078D186", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el servidor CQWeb en IBM Rational ClearQuest 7.0.0 en versiones anteriores a la 7.0.0.6 y 7.0.1 en versiones anteriores a la 7.0.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados." } ], "id": "CVE-2009-2211", "lastModified": "2024-11-21T01:04:23.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-25T17:30:00.313", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35564" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/35564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022456" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-13 16:29
Modified
2024-11-21 02:49
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
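IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) does not verify that the server's SSL certificate matches the requested hostname. This permits a man-in-the-middle attack in which an impersonating server observes all the data transmitted to the real server. IBM X-Force ID: 113353. Note: the CPE match criteria in the record below list the inclusive ranges 8.0.0.0–8.0.0.21, 8.0.1.0–8.0.1.17, 9.0.0.0–9.0.0.6 and 9.0.1.0–9.0.1.3, which extend beyond the versions named in this summary; confirm the fixed release against the vendor advisory.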
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10718377 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10718377 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * | |
ibm | rational_clearquest | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "E49EE604-3C2F-4D13-9573-0F9D966A236C", "versionEndIncluding": "8.0.0.21", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1560BFE-237C-452C-943A-4D8EB7AC6806", "versionEndIncluding": "8.0.1.17", "versionStartIncluding": "8.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA0B1EA-9D53-46A3-AE22-9FE2FAA55693", "versionEndIncluding": "9.0.0.6", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CA3A182-A86B-4A19-B721-A333AF1E20DE", "versionEndIncluding": "9.0.1.3", "versionStartIncluding": "9.0.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353." }, { "lang": "es", "value": "IBM Rational ClearQuest desde la versi\u00f3n 8.0 hasta la 8.0.1.9 y desde la 9.0 hasta la 9.0.1.3 (CQ OSLC linkages, EmailRelay) fracasa a la hora de comprobar el certificado SSL contra el nombre de host solicitado. Est\u00e1 sujeto a un ataque Man-in-the-Middle (MitM) con un servidor de suplantaci\u00f3n que observa todos los datos transmitidos al servidor real. IBM X-Force ID: 113353." 
} ], "id": "CVE-2016-2922", "lastModified": "2024-11-21T02:49:01.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-13T16:29:00.230", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB 
Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-25 01:59
Modified
2024-11-21 02:19
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD7F255A-380A-4165-81E9-CC1BD76DFF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A8D6A4C-A5B0-46A8-80ED-CAD3EC279149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "457D44F0-BD01-488C-AEB1-8D82E726AECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"18CD36A3-8D15-439A-97E7-67D7293EB875", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DCC5D8D-50E1-4DD1-B57F-2A692C8BBE48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "6A783CBC-1A1B-45CA-9FEE-C43FF1052C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "CB5FDBE0-5661-4710-A7C0-15A28DDDF641", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.12:*:*:*:*:*:*:*", 
"matchCriteriaId": "73013249-31FF-41E5-BEB9-23856068644D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "FCB32FAB-070C-4F26-A755-A75910B23F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "36185A72-1DF5-4A9E-816F-7D0800AC8CC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "C54F5BE0-9424-46A8-A823-AE3B0F85014D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAB789E2-96FE-49E1-B0F9-F2F84D4F9F25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C10D7B59-BD29-4CE8-B1D5-D2217A07FECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0A2EF380-E216-4535-B0C8-FCE00E5F05CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2A0DD7F6-3716-43FD-8C2F-EE14F7B54C69", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:rational_clearquest:8.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "7B9162F1-625B-41DB-984A-536E9AD9DD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E501CB80-071F-49D8-A644-25A484814E82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "82661974-6B4F-4A0E-9870-2DD9CB463D82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "D9299680-854F-4986-B308-94A0038D3D06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6021256F-894C-4366-B6A4-95FAF4CAED40", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9823C815-0526-4D11-A705-B00385608D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB3C801C-C068-4E73-8B16-D65B52BFB3D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB872E39-0DFA-4AF8-8AE0-312F169FABE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E7EB6365-1BB1-4269-8419-02D2177BEBC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3AADF149-66EB-4E83-8C4F-8B9AFB60987A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences." 
}, { "lang": "es", "value": "Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que provocan un cierre de sesi\u00f3n o insertan secuencias de XSS." } ], "id": "CVE-2014-8925", "lastModified": "2024-11-21T02:19:57.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-03-25T01:59:12.173", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2009-2212
Vulnerability from cvelistv5
Published
2009-06-25 17:00
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/35564 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securitytracker.com/id?1022456 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35564" }, { "name": "PK77030", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "name": "1022456", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022456" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-25T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35564" }, { "name": "PK77030", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "name": "1022456", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022456" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35564" }, { "name": "PK77030", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "name": "1022456", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022456" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2212", "datePublished": "2009-06-25T17:00:00Z", "dateReserved": "2009-06-25T00:00:00Z", "dateUpdated": "2024-09-16T23:00:57.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3550
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.
References
URL | Tags | |
---|---|---|
http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44254 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1020642 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2008/2317 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:18.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PK68332", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332" }, { "name": "rational-clearquest-login-info-disclosure(44254)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44254" }, { "name": "1020642", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020642" }, { "name": "ADV-2008-2317", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2317" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "PK68332", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332" }, { "name": "rational-clearquest-login-info-disclosure(44254)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44254" }, { "name": "1020642", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020642" }, { "name": "ADV-2008-2317", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2317" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PK68332", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332" }, { "name": "rational-clearquest-login-info-disclosure(44254)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44254" }, { "name": "1020642", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020642" }, { "name": "ADV-2008-2317", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2317" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3550", "datePublished": "2008-08-08T19:00:00", "dateReserved": "2008-08-08T00:00:00", "dateUpdated": "2024-08-07T09:45:18.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5765
Vulnerability from cvelistv5
Published
2012-12-20 11:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21620048 | x_refsource_CONFIRM | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80211 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048" }, { "name": "PM72905", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905" }, { "name": "rcq-sql-error-message(80211)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048" }, { "name": "PM72905", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905" }, { "name": "rcq-sql-error-message(80211)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-5765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620048" }, { "name": "PM72905", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905" }, { "name": "rcq-sql-error-message(80211)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80211" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-5765", "datePublished": "2012-12-20T11:00:00", "dateReserved": "2012-11-02T00:00:00", "dateUpdated": "2024-08-06T21:14:16.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5325
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-09-17 02:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/32576 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/32847 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/50369 | vdb-entry, x_refsource_OSVDB | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32576", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32576" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32847" }, { "name": "50369", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/50369" }, { "name": "PK69316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-12-05T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32576", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32576" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32847" }, { "name": "50369", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/50369" }, { "name": "PK69316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32576", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32576" }, { "name": "32847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32847" }, { "name": "50369", "refsource": "OSVDB", "url": "http://www.osvdb.org/50369" }, { "name": "PK69316", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5325", "datePublished": "2008-12-05T00:00:00Z", "dateReserved": "2008-12-04T00:00:00Z", "dateUpdated": "2024-09-17T02:43:02.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4602
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.
References
URL | Tags | |
---|---|---|
ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/45646 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/64440 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "45646", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45646" }, { "name": "clearquest-webclient-sec-bypass(64440)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64440" }, { "name": "PM20172", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass \"restricted user\" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "45646", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45646" }, { "name": "clearquest-webclient-sec-bypass(64440)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64440" }, { "name": "PM20172", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass \"restricted user\" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "45646", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45646" }, { "name": "clearquest-webclient-sec-bypass(64440)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64440" }, { "name": "PM20172", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4602", "datePublished": "2010-12-29T17:27:00", "dateReserved": "2010-12-29T00:00:00", "dateUpdated": "2024-08-07T03:51:17.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2994
Vulnerability from cvelistv5
Published
2005-09-20 04:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).
References
URL | Tags | |
---|---|---|
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21216901&loc=en_US&cs=utf-8&cc=us&lang=all | x_refsource_CONFIRM | |
http://secunia.com/advisories/16717 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:29.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21216901\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all" }, { "name": "16717", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-09-20T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21216901\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all" }, { "name": "16717", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2994", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the web client for IBM Rational ClearQuest 
2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21216901\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21216901\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all" }, { "name": "16717", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16717" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2994", "datePublished": "2005-09-20T04:00:00Z", "dateReserved": "2005-09-20T00:00:00Z", "dateUpdated": "2024-09-17T00:26:39.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5090
Vulnerability from cvelistv5
Published
2007-09-26 20:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/25810 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/26899 | third-party-advisory, x_refsource_SECUNIA | |
http://www-1.ibm.com/support/docview.wss?uid=swg21268116 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2007/3264 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1018735 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/40598 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:28.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25810", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25810" }, { "name": "26899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "name": "ADV-2007-3264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "name": "1018735", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018735" }, { "name": "40598", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40598" }, { "name": "clearquest-unspecified-data-manipulation(36771)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25810", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25810" }, { "name": "26899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "name": "ADV-2007-3264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "name": "1018735", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018735" }, { "name": "40598", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40598" }, { "name": "clearquest-unspecified-data-manipulation(36771)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25810" }, { "name": "26899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26899" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "name": "ADV-2007-3264", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "name": "1018735", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018735" }, { "name": "40598", "refsource": "OSVDB", "url": "http://osvdb.org/40598" }, { "name": "clearquest-unspecified-data-manipulation(36771)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5090", "datePublished": "2007-09-26T20:00:00", "dateReserved": "2007-09-26T00:00:00", "dateUpdated": "2024-08-07T15:17:28.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4357
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-09-17 03:59
Severity ?
EPSS score ?
Summary
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1023370 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/37385 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/37811 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.vupen.com/english/advisories/2009/3580 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1023370", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023370" }, { "name": "37385", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37385" }, { "name": "37811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37811" }, { "name": "PK86377", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" }, { "name": "ADV-2009-3580", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3580" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-18T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1023370", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023370" }, { "name": "37385", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37385" }, { "name": "37811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37811" }, { "name": "PK86377", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" }, { "name": "ADV-2009-3580", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3580" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1023370", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023370" }, { "name": "37385", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37385" }, { "name": "37811", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37811" }, { "name": "PK86377", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" }, { "name": "ADV-2009-3580", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3580" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4357", "datePublished": "2009-12-18T19:00:00Z", "dateReserved": "2009-12-18T00:00:00Z", "dateUpdated": "2024-09-17T03:59:45.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5328
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/32847 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46995 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PK65908", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32847" }, { "name": "clearquest-maintenance-info-disclosure(46995)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "PK65908", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32847" }, { "name": "clearquest-maintenance-info-disclosure(46995)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PK65908", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "name": "32847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32847" }, { "name": "clearquest-maintenance-info-disclosure(46995)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5328", "datePublished": "2008-12-05T00:00:00", "dateReserved": "2008-12-04T00:00:00", "dateUpdated": "2024-08-07T10:49:12.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1390
Vulnerability from cvelistv5
Published
2012-05-14 22:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/81815 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/53483 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1027060 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/49093 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg21594717 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/71802 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:34.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "81815", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81815" }, { "name": "53483", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53483" }, { "name": "1027060", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027060" }, { "name": "49093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717" }, { "name": "rcq-maintenancetool-sql-injection(71802)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "81815", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81815" }, { "name": "53483", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53483" }, { "name": "1027060", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027060" }, { "name": "49093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717" }, { "name": "rcq-maintenancetool-sql-injection(71802)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "81815", "refsource": "OSVDB", "url": "http://osvdb.org/81815" }, { "name": "53483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53483" }, { "name": "1027060", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027060" }, { "name": "49093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49093" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717" }, { "name": "rcq-maintenancetool-sql-injection(71802)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1390", "datePublished": "2012-05-14T22:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4839
Vulnerability from cvelistv5
Published
2012-12-20 11:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21620342 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1027889 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79068 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:17.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342" }, { "name": "1027889", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027889" }, { "name": "rcq-iframes-xss(79068)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342" }, { "name": "1027889", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027889" }, { "name": "rcq-iframes-xss(79068)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342" }, { "name": "1027889", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027889" }, { "name": "rcq-iframes-xss(79068)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4839", "datePublished": "2012-12-20T11:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:17.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2922
Vulnerability from cvelistv5
Published
2018-08-13 16:00
Modified
2024-09-16 23:10
Severity
3.7 (LOW): CVSS v3.0 base score from the CNA metrics in this record; temporal score 3.2
Summary
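IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
Note: the affected-version list in this record also names 8.0.1.10 through 8.0.1.17, which fall outside the range stated in the summary; when deciding whether an installation is exposed, confirm the fixed release against the IBM advisory listed under References rather than relying on the summary range alone.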
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10718377 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Rational ClearQuest | Version: 8.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 8.0.1 Version: 8.0.0.8 Version: 8.0.1.1 Version: 8.0.0.9 Version: 8.0.0.10 Version: 8.0.0.11 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 8.0.0.12 Version: 8.0.1.5 Version: 8.0.0.13 Version: 8.0.1.6 Version: 8.0.0.14 Version: 8.0.1.7 Version: 8.0.0.15 Version: 8.0.1.8 Version: 8.0.0.16 Version: 8.0.1.9 Version: 8.0.0.17 Version: 8.0.1.10 Version: 8.0.0.18 Version: 8.0.1.11 Version: 9.0 Version: 9.0.0.1 Version: 8.0.0.19 Version: 8.0.1.12 Version: 9.0.0.2 Version: 8.0.0.20 Version: 8.0.1.13 Version: 9.0.0.3 Version: 8.0.0.21 Version: 8.0.1.14 Version: 9.0.0.4 Version: 9.0.1 Version: 8.0.1.15 Version: 9.0.0.5 Version: 9.0.1.1 Version: 8.0.1.16 Version: 9.0.0.6 Version: 9.0.1.2 Version: 8.0.1.17 Version: 9.0.1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:40:13.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377" }, { "name": "ibm-clearquest-cve20162922-spoofing(113353)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational ClearQuest", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.0.0.1" }, { "status": "affected", "version": "8.0.0.2" }, { "status": "affected", "version": "8.0.0.3" }, { "status": "affected", "version": "8.0.0.4" }, { "status": "affected", "version": "8.0.0.5" }, { "status": "affected", "version": "8.0.0.6" }, { "status": "affected", "version": "8.0.0.7" }, { "status": "affected", "version": "8.0.1" }, { "status": "affected", "version": "8.0.0.8" }, { "status": "affected", "version": "8.0.1.1" }, { "status": "affected", "version": "8.0.0.9" }, { "status": "affected", "version": "8.0.0.10" }, { "status": "affected", "version": "8.0.0.11" }, { "status": "affected", "version": "8.0.1.2" }, { "status": "affected", "version": "8.0.1.3" }, { "status": "affected", "version": "8.0.1.4" }, { "status": "affected", "version": "8.0.0.12" }, { "status": "affected", "version": "8.0.1.5" }, { "status": "affected", "version": "8.0.0.13" }, { "status": "affected", "version": "8.0.1.6" }, { "status": "affected", "version": "8.0.0.14" }, { "status": "affected", "version": "8.0.1.7" }, { "status": "affected", "version": "8.0.0.15" }, { "status": "affected", "version": "8.0.1.8" }, { "status": "affected", "version": "8.0.0.16" }, { "status": "affected", "version": "8.0.1.9" }, { "status": "affected", "version": "8.0.0.17" }, { "status": "affected", 
"version": "8.0.1.10" }, { "status": "affected", "version": "8.0.0.18" }, { "status": "affected", "version": "8.0.1.11" }, { "status": "affected", "version": "9.0" }, { "status": "affected", "version": "9.0.0.1" }, { "status": "affected", "version": "8.0.0.19" }, { "status": "affected", "version": "8.0.1.12" }, { "status": "affected", "version": "9.0.0.2" }, { "status": "affected", "version": "8.0.0.20" }, { "status": "affected", "version": "8.0.1.13" }, { "status": "affected", "version": "9.0.0.3" }, { "status": "affected", "version": "8.0.0.21" }, { "status": "affected", "version": "8.0.1.14" }, { "status": "affected", "version": "9.0.0.4" }, { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "8.0.1.15" }, { "status": "affected", "version": "9.0.0.5" }, { "status": "affected", "version": "9.0.1.1" }, { "status": "affected", "version": "8.0.1.16" }, { "status": "affected", "version": "9.0.0.6" }, { "status": "affected", "version": "9.0.1.2" }, { "status": "affected", "version": "8.0.1.17" }, { "status": "affected", "version": "9.0.1.3" } ] } ], "datePublic": "2018-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-13T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377" }, { "name": "ibm-clearquest-cve20162922-spoofing(113353)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-08-09T00:00:00", "ID": "CVE-2016-2922", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational ClearQuest", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.0.0.1" }, { "version_value": "8.0.0.2" }, { "version_value": "8.0.0.3" }, { "version_value": "8.0.0.4" }, { "version_value": "8.0.0.5" }, { "version_value": "8.0.0.6" }, { "version_value": "8.0.0.7" }, { "version_value": "8.0.1" }, { "version_value": "8.0.0.8" }, { "version_value": "8.0.1.1" }, { "version_value": "8.0.0.9" }, { "version_value": "8.0.0.10" }, { "version_value": "8.0.0.11" }, { "version_value": "8.0.1.2" }, { "version_value": "8.0.1.3" }, { "version_value": "8.0.1.4" }, { "version_value": "8.0.0.12" }, { "version_value": "8.0.1.5" 
}, { "version_value": "8.0.0.13" }, { "version_value": "8.0.1.6" }, { "version_value": "8.0.0.14" }, { "version_value": "8.0.1.7" }, { "version_value": "8.0.0.15" }, { "version_value": "8.0.1.8" }, { "version_value": "8.0.0.16" }, { "version_value": "8.0.1.9" }, { "version_value": "8.0.0.17" }, { "version_value": "8.0.1.10" }, { "version_value": "8.0.0.18" }, { "version_value": "8.0.1.11" }, { "version_value": "9.0" }, { "version_value": "9.0.0.1" }, { "version_value": "8.0.0.19" }, { "version_value": "8.0.1.12" }, { "version_value": "9.0.0.2" }, { "version_value": "8.0.0.20" }, { "version_value": "8.0.1.13" }, { "version_value": "9.0.0.3" }, { "version_value": "8.0.0.21" }, { "version_value": "8.0.1.14" }, { "version_value": "9.0.0.4" }, { "version_value": "9.0.1" }, { "version_value": "8.0.1.15" }, { "version_value": "9.0.0.5" }, { "version_value": "9.0.1.1" }, { "version_value": "8.0.1.16" }, { "version_value": "9.0.0.6" }, { "version_value": "9.0.1.2" }, { "version_value": "8.0.1.17" }, { "version_value": "9.0.1.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10718377", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10718377" }, { "name": "ibm-clearquest-cve20162922-spoofing(113353)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-2922", "datePublished": "2018-08-13T16:00:00Z", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2024-09-16T23:10:24.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5329
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-08-07 10:49
Summary
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/46993 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/32847 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "clearquest-sql-information-disclosure(46993)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46993" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32847" }, { "name": "PK38745", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client\u0027s submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "clearquest-sql-information-disclosure(46993)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46993" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32847" }, { "name": "PK38745", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client\u0027s submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "clearquest-sql-information-disclosure(46993)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46993" }, { "name": "32847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32847" }, { "name": "PK38745", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5329", "datePublished": "2008-12-05T00:00:00", "dateReserved": "2008-12-04T00:00:00", "dateUpdated": "2024-08-07T10:49:12.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1287
Vulnerability from cvelistv5
Published
2008-03-11 17:00
Modified
2024-08-07 08:17
Summary
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1019566 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41042 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/29280 | third-party-advisory, x_refsource_SECUNIA | |
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securityfocus.com/bid/28132 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2008/0804/references | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:33.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1019566", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019566" }, { "name": "clearquest-username-information-disclosure(41042)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41042" }, { "name": "29280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29280" }, { "name": "PK55561", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561" }, { "name": "28132", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28132" }, { "name": "ADV-2008-0804", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0804/references" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1019566", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019566" }, { "name": "clearquest-username-information-disclosure(41042)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41042" }, { "name": "29280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29280" }, { "name": "PK55561", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561" }, { "name": "28132", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28132" }, { "name": "ADV-2008-0804", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0804/references" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1019566", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019566" }, { "name": "clearquest-username-information-disclosure(41042)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41042" }, { "name": "29280", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29280" }, { "name": "PK55561", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561" }, { "name": "28132", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28132" }, { "name": "ADV-2008-0804", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0804/references" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1287", "datePublished": "2008-03-11T17:00:00", "dateReserved": "2008-03-11T00:00:00", "dateUpdated": "2024-08-07T08:17:33.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0744
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 18:38
Summary
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=swg21606317 | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=swg21599361 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74671 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM66896", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21599361" }, { "name": "rcq-installscripts-info-disclosure(74671)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "PM66896", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21599361" }, { "name": "rcq-installscripts-info-disclosure(74671)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0744", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM66896", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21606317", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21606317" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21599361", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21599361" }, { "name": "rcq-installscripts-info-disclosure(74671)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0744", "datePublished": "2012-08-17T20:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2168
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 19:26
Summary
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg21606319 | x_refsource_CONFIRM | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75048 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606319" }, { "name": "PM61822", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822" }, { "name": "rcq-stacktrace-info-disc(75048)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75048" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606319" }, { "name": "PM61822", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822" }, { "name": "rcq-stacktrace-info-disc(75048)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75048" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21606319", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21606319" }, { "name": "PM61822", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822" }, { "name": "rcq-stacktrace-info-disc(75048)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75048" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2168", "datePublished": "2012-08-17T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4601
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-09-17 02:20
Summary
Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/42624 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM01811", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" }, { "name": "42624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42624" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-12-29T17:27:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "PM01811", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" }, { "name": "42624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42624" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4601", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM01811", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" }, { "name": "42624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42624" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4601", "datePublished": "2010-12-29T17:27:00Z", "dateReserved": "2010-12-29T00:00:00Z", "dateUpdated": "2024-09-17T02:20:51.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4600
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-09-16 17:07
Severity ?
EPSS score ?
Summary
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.
References
▼ | URL | Tags |
---|---|---|
ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme | x_refsource_CONFIRM | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/42624 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "PM15146", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" }, { "name": "42624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42624" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an \"open direct\" issue." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-12-29T17:27:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "PM15146", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" }, { "name": "42624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42624" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4600", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an \"open direct\" issue." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "PM15146", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" }, { "name": "42624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42624" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4600", "datePublished": "2010-12-29T17:27:00Z", "dateReserved": "2010-12-29T00:00:00Z", "dateUpdated": "2024-09-16T17:07:53.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0950
Vulnerability from cvelistv5
Published
2018-04-20 21:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21675164 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:34:40.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164" }, { "name": "ibm-clearquest-cve20140950-info-disc(92623)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-20T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164" }, { "name": "ibm-clearquest-cve20140950-info-disc(92623)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675164" }, { "name": "ibm-clearquest-cve20140950-info-disc(92623)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0950", "datePublished": "2018-04-20T21:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:34:40.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5757
Vulnerability from cvelistv5
Published
2013-03-21 20:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80061 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=swg21619993 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM77153", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153" }, { "name": "rcq-reflected-xss(80061)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21619993" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "PM77153", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153" }, { "name": "rcq-reflected-xss(80061)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21619993" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-5757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM77153", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153" }, { "name": "rcq-reflected-xss(80061)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21619993", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21619993" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-5757", "datePublished": "2013-03-21T20:00:00", "dateReserved": "2012-11-02T00:00:00", "dateUpdated": "2024-08-06T21:14:16.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0708
Vulnerability from cvelistv5
Published
2012-04-22 18:00
Modified
2024-08-06 18:30
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1026958 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/73492 | vdb-entry, x_refsource_XF | |
http://osvdb.org/81443 | vdb-entry, x_refsource_OSVDB | |
http://www.ibm.com/support/docview.wss?uid=swg21591705 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/53170 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/48933 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:53.812Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1026958", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026958" }, { "name": "rcq-cqole-activex-bo(73492)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73492" }, { "name": "81443", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81443" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21591705" }, { "name": "53170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53170" }, { "name": "48933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48933" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1026958", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026958" }, { "name": "rcq-cqole-activex-bo(73492)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73492" }, { "name": "81443", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81443" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21591705" }, { "name": "53170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53170" }, { "name": "48933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48933" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1026958", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026958" }, { "name": "rcq-cqole-activex-bo(73492)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73492" }, { "name": "81443", "refsource": "OSVDB", "url": "http://osvdb.org/81443" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21591705", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21591705" }, { "name": "53170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53170" }, { "name": "48933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48933" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0708", "datePublished": "2012-04-22T18:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:53.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1288
Vulnerability from cvelistv5
Published
2008-03-11 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/28133 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1019567 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/29280 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41043 | vdb-entry, x_refsource_XF | |
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55753 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.vupen.com/english/advisories/2008/0804/references | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:33.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28133", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28133" }, { "name": "1019567", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019567" }, { "name": "29280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29280" }, { "name": "clearquest-cookie-information-disclosure(41043)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41043" }, { "name": "PK55753", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55753" }, { "name": "ADV-2008-0804", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0804/references" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28133", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28133" }, { "name": "1019567", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019567" }, { "name": "29280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29280" }, { "name": "clearquest-cookie-information-disclosure(41043)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41043" }, { "name": "PK55753", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55753" }, { "name": "ADV-2008-0804", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0804/references" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28133", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28133" }, { "name": "1019567", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019567" }, { "name": "29280", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29280" }, { "name": "clearquest-cookie-information-disclosure(41043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41043" }, { "name": "PK55753", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55753" }, { "name": "ADV-2008-0804", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0804/references" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1288", "datePublished": "2008-03-11T17:00:00", "dateReserved": "2008-03-11T00:00:00", "dateUpdated": "2024-08-07T08:17:33.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1468
Vulnerability from cvelistv5
Published
2007-03-16 21:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/33001 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/22981 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/2442 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/archive/1/462919/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/24523 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1017786 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/34346 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2007/1036 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:08.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "clearquest-defecttracking-xss(33001)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33001" }, { "name": "22981", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22981" }, { "name": "2442", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2442" }, { "name": "20070315 IBM Rational ClearQuest Web - Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/462919/100/0/threaded" }, { "name": "24523", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24523" }, { "name": "1017786", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017786" }, { "name": "34346", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34346" }, { "name": "ADV-2007-1036", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1036" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "clearquest-defecttracking-xss(33001)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33001" }, { "name": "22981", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22981" }, { "name": "2442", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2442" }, { "name": "20070315 IBM Rational ClearQuest Web - Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/462919/100/0/threaded" }, { "name": "24523", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24523" }, { "name": "1017786", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017786" }, { "name": "34346", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34346" }, { "name": "ADV-2007-1036", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1036" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "clearquest-defecttracking-xss(33001)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33001" }, { "name": "22981", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22981" }, { "name": "2442", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2442" }, { "name": "20070315 IBM Rational ClearQuest Web - Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462919/100/0/threaded" }, { "name": "24523", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24523" }, { "name": "1017786", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017786" }, { "name": "34346", "refsource": "OSVDB", "url": "http://osvdb.org/34346" }, { "name": "ADV-2007-1036", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1036" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1468", "datePublished": "2007-03-16T21:00:00", "dateReserved": "2007-03-16T00:00:00", "dateUpdated": "2024-08-07T12:59:08.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5326
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/46994 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/32847 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/32577 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "clearquest-editboxes-info-disclosure(46994)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46994" }, { "name": "PK30938", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32847" }, { "name": "32577", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32577" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "clearquest-editboxes-info-disclosure(46994)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46994" }, { "name": "PK30938", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32847" }, { "name": "32577", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32577" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "clearquest-editboxes-info-disclosure(46994)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46994" }, { "name": "PK30938", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938" }, { "name": "32847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32847" }, { "name": "32577", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32577" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5326", "datePublished": "2008-12-05T00:00:00", "dateReserved": "2008-12-04T00:00:00", "dateUpdated": "2024-08-07T10:49:12.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2205
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
References
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670 | vendor-advisory, x_refsource_AIXAPAR |
| http://www.ibm.com/support/docview.wss?uid=swg21605838 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77094 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM61670", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21605838" }, { "name": "rcq-workspace-xss(77094)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "PM61670", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21605838" }, { "name": "rcq-workspace-xss(77094)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM61670", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21605838", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21605838" }, { "name": "rcq-workspace-xss(77094)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2205", "datePublished": "2012-08-17T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2211
Vulnerability from cvelistv5
Published
2009-06-25 17:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/35564 | third-party-advisory, x_refsource_SECUNIA |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030 | vendor-advisory, x_refsource_AIXAPAR |
| http://www.securitytracker.com/id?1022456 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35564" }, { "name": "PK77030", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "name": "1022456", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022456" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-25T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35564" }, { "name": "PK77030", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "name": "1022456", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022456" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35564" }, { "name": "PK77030", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" }, { "name": "1022456", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022456" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2211", "datePublished": "2009-06-25T17:00:00Z", "dateReserved": "2009-06-25T00:00:00Z", "dateUpdated": "2024-09-17T03:18:46.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5330
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/3330 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/32957 | third-party-advisory, x_refsource_SECUNIA |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972 | vendor-advisory, x_refsource_AIXAPAR |
| http://securitytracker.com/id?1021295 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/32574 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46983 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-3330", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3330" }, { "name": "32957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32957" }, { "name": "PK70972", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972" }, { "name": "1021295", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021295" }, { "name": "32574", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32574" }, { "name": "ibm-clearcase-interface-xss(46983)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46983" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-3330", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3330" }, { "name": "32957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32957" }, { "name": "PK70972", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972" }, { "name": "1021295", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021295" }, { "name": "32574", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32574" }, { "name": "ibm-clearcase-interface-xss(46983)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46983" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-3330", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3330" }, { "name": "32957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32957" }, { "name": "PK70972", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972" }, { "name": "1021295", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021295" }, { "name": "32574", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32574" }, { "name": "ibm-clearcase-interface-xss(46983)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46983" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5330", "datePublished": "2008-12-05T00:00:00", "dateReserved": "2008-12-04T00:00:00", "dateUpdated": "2024-08-07T10:49:12.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2164
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75039 | vdb-entry, x_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735 | vendor-advisory, x_refsource_AIXAPAR |
| http://www.ibm.com/support/docview.wss?uid=swg21606318 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.729Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "rcq-parameter-tampering(75039)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75039" }, { "name": "PM62735", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "rcq-parameter-tampering(75039)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75039" }, { "name": "PM62735", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "rcq-parameter-tampering(75039)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75039" }, { "name": "PM62735", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21606318", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21606318" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2164", "datePublished": "2012-08-17T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.729Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3041
Vulnerability from cvelistv5
Published
2013-10-01 00:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84724 | vdb-entry, x_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg21648086 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:09.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "clearquest-cve20133041-info-disclosure(84724)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "clearquest-cve20133041-info-disclosure(84724)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a \"JSON hijacking attack.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "clearquest-cve20133041-info-disclosure(84724)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84724" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648086" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3041", "datePublished": "2013-10-01T00:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T16:00:09.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8925
Vulnerability from cvelistv5
Published
2015-03-25 01:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:12.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-03-25T01:57:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8925", "datePublished": "2015-03-25T01:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4592
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/489861/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2008/0952/references | vdb-entry, x_refsource_VUPEN |
| http://www.securitytracker.com/id?1019685 | vdb-entry, x_refsource_SECTRACK |
| http://securityreason.com/securityalert/3753 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/28296 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/29467 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41328 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded" }, { "name": "ADV-2008-0952", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0952/references" }, { "name": "1019685", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019685" }, { "name": "3753", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3753" }, { "name": "28296", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28296" }, { "name": "29467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29467" }, { "name": "rational-clearquest-webinterface-xss(41328)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded" }, { "name": "ADV-2008-0952", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0952/references" }, { "name": "1019685", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019685" }, { "name": "3753", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3753" }, { "name": "28296", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28296" }, { "name": "29467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29467" }, { "name": "rational-clearquest-webinterface-xss(41328)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4592", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded" }, { "name": "ADV-2008-0952", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0952/references" }, { "name": "1019685", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019685" }, { "name": "3753", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3753" }, { "name": "28296", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28296" }, { "name": "29467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29467" }, { "name": "rational-clearquest-webinterface-xss(41328)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4592", "datePublished": "2008-03-20T00:00:00", "dateReserved": "2007-08-29T00:00:00", "dateUpdated": "2024-08-07T15:01:09.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4368
Vulnerability from cvelistv5
Published
2007-08-15 23:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36012 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/3012 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/25324 | vdb-entry, x_refsource_BID |
| https://www.exploit-db.com/exploits/4286 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/476475/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://osvdb.org/36478 | vdb-entry, x_refsource_OSVDB |
| http://www.securitytracker.com/id?1018569 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:53:55.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "clearquest-username-sql-injection(36012)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36012" }, { "name": "3012", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3012" }, { "name": "25324", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25324" }, { "name": "4286", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4286" }, { "name": "20070814 IBM Rational ClearQuest Web SQL Injection Login Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/476475/100/0/threaded" }, { "name": "36478", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/36478" }, { "name": "1018569", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018569" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "clearquest-username-sql-injection(36012)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36012" }, { "name": "3012", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3012" }, { "name": "25324", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25324" }, { "name": "4286", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4286" }, { "name": "20070814 IBM Rational ClearQuest Web SQL Injection Login Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/476475/100/0/threaded" }, { "name": "36478", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/36478" }, { "name": "1018569", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018569" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "clearquest-username-sql-injection(36012)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36012" }, { "name": "3012", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3012" }, { "name": "25324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25324" }, { "name": "4286", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4286" }, { "name": "20070814 IBM Rational ClearQuest Web SQL Injection Login Bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476475/100/0/threaded" }, { "name": "36478", "refsource": "OSVDB", "url": "http://osvdb.org/36478" }, { "name": "1018569", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018569" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4368", "datePublished": "2007-08-15T23:00:00", "dateReserved": "2007-08-15T00:00:00", "dateUpdated": "2024-08-07T14:53:55.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4603
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/64439 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg21125139 | x_refsource_CONFIRM | |
ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/45648 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "clearquest-back-reference-sec-bypass(64439)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" }, { "name": "PM22186", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "45648", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45648" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "clearquest-back-reference-sec-bypass(64439)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" }, { "name": "PM22186", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "45648", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45648" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "clearquest-back-reference-sec-bypass(64439)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" }, { "name": "PM22186", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" }, { "name": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" }, { "name": "45648", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45648" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4603", "datePublished": "2010-12-29T17:27:00", "dateReserved": "2010-12-29T00:00:00", "dateUpdated": "2024-08-07T03:51:17.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2165
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75040 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=swg21606385 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM62740", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740" }, { "name": "rcq-query-info-disclosure(75040)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75040" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606385" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "PM62740", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740" }, { "name": "rcq-query-info-disclosure(75040)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75040" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21606385" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM62740", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740" }, { "name": "rcq-query-info-disclosure(75040)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75040" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21606385", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21606385" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2165", "datePublished": "2012-08-17T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2169
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=swg21607783 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75049 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM62762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21607783" }, { "name": "rcq-filedesc-xss(75049)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "PM62762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21607783" }, { "name": "rcq-filedesc-xss(75049)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM62762", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21607783", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21607783" }, { "name": "rcq-filedesc-xss(75049)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2169", "datePublished": "2012-08-17T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5327
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/32847 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46995 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PK65908", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32847" }, { "name": "clearquest-maintenance-info-disclosure(46995)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "PK65908", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "name": "32847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32847" }, { "name": "clearquest-maintenance-info-disclosure(46995)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PK65908", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908" }, { "name": "32847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32847" }, { "name": "clearquest-maintenance-info-disclosure(46995)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46995" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5327", "datePublished": "2008-12-05T00:00:00", "dateReserved": "2008-12-04T00:00:00", "dateUpdated": "2024-08-07T10:49:12.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1205
Vulnerability from cvelistv5
Published
2011-03-29 18:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/66304 | vdb-entry, x_refsource_XF | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66324 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2011/0832 | vdb-entry, x_refsource_VUPEN | |
http://www.ibm.com/support/docview.wss?uid=swg21470998 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1025269 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id?1025268 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:33.761Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "rational-licensing-code-execution(66304)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" }, { "name": "rational-licensing-code-execution(66324)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" }, { "name": "ADV-2011-0832", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0832" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21470998" }, { "name": "1025269", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025269" }, { "name": "1025268", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "rational-licensing-code-execution(66304)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" }, { "name": "rational-licensing-code-execution(66324)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" }, { "name": "ADV-2011-0832", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0832" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21470998" }, { "name": "1025269", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025269" }, { "name": "1025268", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025268" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "rational-licensing-code-execution(66304)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" }, { "name": "rational-licensing-code-execution(66324)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" }, { "name": "ADV-2011-0832", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0832" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21470998", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21470998" }, { "name": "1025269", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025269" }, { "name": "1025268", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025268" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1205", "datePublished": "2011-03-29T18:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2024-08-06T22:21:33.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0598
Vulnerability from cvelistv5
Published
2013-09-28 01:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83611 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21648665 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PM88185", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" }, { "name": "clearquest-cve20130598-csrf(83611)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "PM88185", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" }, { "name": "clearquest-cve20130598-csrf(83611)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0598", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PM88185", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" }, { "name": "clearquest-cve20130598-csrf(83611)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0598", "datePublished": "2013-09-28T01:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:33:05.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5324
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PK69316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-12-05T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "PK69316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5324", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PK69316", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5324", "datePublished": "2008-12-05T00:00:00Z", "dateReserved": "2008-12-04T00:00:00Z", "dateUpdated": "2024-09-17T01:31:14.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2517
Vulnerability from cvelistv5
Published
2010-06-30 18:00
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/40341 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2010/1615 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/41205 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:36.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40341" }, { "name": "ADV-2010-1615", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1615" }, { "name": "41205", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41205" }, { "name": "PM07157", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-06-30T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "40341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40341" }, { "name": "ADV-2010-1615", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1615" }, { "name": "41205", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41205" }, { "name": "PM07157", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2517", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40341", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40341" }, { "name": "ADV-2010-1615", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1615" }, { "name": "41205", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41205" }, { "name": "PM07157", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2517", "datePublished": "2010-06-30T18:00:00Z", "dateReserved": "2010-06-30T00:00:00Z", "dateUpdated": "2024-09-16T17:58:20.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28796
Vulnerability from cvelistv5
Published
2024-07-17 18:14
Modified
2024-08-02 00:56
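Severity: 6.4 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, as scored by the CNA (ibm) in the record below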
EPSS score ?
Summary
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
References
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/7160390 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
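IBM | ClearQuest | Version: 9.1 ≤ 9.1.0.6 (affected from 9.1 through 9.1.0.6); cpe:2.3:a:ibm:rational_clearquest:9.1:*:*:*:*:*:*:*, cpe:2.3:a:ibm:rational_clearquest:9.1.0.6:*:*:*:*:*:*:* | |
Note: the two CPE strings name only the endpoints of the affected range, so inventory matching should use the version range rather than exact CPE equality.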
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28796", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T13:18:51.348465Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T14:33:18.404Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7160390" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:rational_clearquest:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_clearquest:9.1.0.6:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ClearQuest", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "9.1.0.6", "status": "affected", "version": "9.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833." } ], "value": "IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T18:14:45.862Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7160390" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286833" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-28796", "datePublished": "2024-07-17T18:14:45.862Z", "dateReserved": "2024-03-10T12:23:33.662Z", "dateUpdated": "2024-08-02T00:56:58.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-4996
Vulnerability from cvelistv5
Published
2016-01-02 02:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1034558 | vdb-entry, x_refsource_SECTRACK | |
http://www-01.ibm.com/support/docview.wss?uid=swg21972331 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034558", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034558" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1034558", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034558" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4996", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034558", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034558" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972331" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4996", "datePublished": "2016-01-02T02:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }