Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0C52DB4B14B4AD5421C180C52FBC06DC01ECC1348F433F22E8AB6B98F99124C5
HistoryJul 19, 2024 - 6:56 p.m.

Security Bulletin: A Stored Cross-Site Scripting (XSS) security vulnerability has been identified in IBM Rational ClearQuest (CVE-2024-28796)

2024-07-1918:56:57
www.ibm.com
7
ibm rational clearquest
xss vulnerability
cve-2024-28796
version 9.1.0.7

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

9.3%

JSON

Summary

An XSS security vulnerability has been identified in IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the CVE (CVE-2024-28796)

Vulnerability Details

CVEID:CVE-2024-28796
**DESCRIPTION:**IBM ClearQuest (CQ) is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearQuest 9.1 - 9.1.0.6

Remediation/Fixes

Apply the relevant fixes as listed in the table below.

Affected Versions

|

Applying the fix

—|—

9.1 - 9.1.0.6

| Install Rational ClearQuest Fix Pack 7 (9.1.0.7) for 9.1

For 9.0.2.x, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrational_clearquestMatch8.0.0
OR
ibmrational_clearquestMatch8.0.1
OR
ibmrational_clearquestMatch9.0.0
OR
ibmrational_clearquestMatch9.0.1
OR
ibmrational_clearquestMatch9.0.2
VendorProductVersionCPE
ibmrational_clearquest8.0.0cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*
ibmrational_clearquest8.0.1cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.0cpe:2.3:a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*
ibmrational_clearquest9.0.1cpe:2.3:a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.2cpe:2.3:a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*

Related

nvd 1
cve 1
cvelist 1
vulnrichment 1
nvd
nvd
CVE-2024-28796
2024-07-17 19:15:10
cve
cve
CVE-2024-28796
2024-07-17 19:15:10
cvelist
cvelist
CVE-2024-28796
2024-07-17 18:14:45
vulnrichment
vulnrichment
CVE-2024-28796
2024-07-17 18:14:45

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

9.3%

JSON
Related for 0C52DB4B14B4AD5421C180C52FBC06DC01ECC1348F433F22E8AB6B98F99124C5
nvd1cve1cvelist1vulnrichment1