vendor:
Rational ClearQuest
by:
SecurityFocus
7,5
CVSS
HIGH
HTML-injection, Information-disclosure, Security-bypass
79, 200, 287
CWE
Product Name: Rational ClearQuest
Affected Version From: IBM Rational ClearQuest 7.1.x through versions 7.1.2.7
Affected Version To: IBM Rational ClearQuest 8.x through versions 8.0.0.3
Patch Exists: YES
Related CWE: N/A
CPE: a:ibm:rational_clearquest:7.1.2.7
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
IBM Rational ClearQuest Multiple Security Vulnerabilities
IBM Rational ClearQuest is prone to multiple security vulnerabilities, including an HTML-injection vulnerability, multiple information-disclosure vulnerabilities, and a security-bypass vulnerability. Attackers may leverage these issues to obtain potentially sensitive session information, bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
Mitigation:
Users should apply the appropriate updates from the vendor to address these issues.
