History: Jun 17, 2018 - 4:39 a.m.

Security Bulletin: ClearQuest Cross-Site Scripting (XSS) Vulnerability (CVE-2012-2169)

2018-06-17 04:39:29
www.ibm.com

EPSS: 0.001 (Low), percentile 35.7%

Summary

IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability.

Vulnerability Details

CVE ID: CVE-2012-2169

Description: The ClearQuest Web client contains a Cross-Site Scripting vulnerability.

This vulnerability does not exist in the ClearQuest desktop clients or command line utilities.

CVSS Base Score: 3.5

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/75049> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

ClearQuest Web Clients prior to version 7.1.2.7.

Note: This vulnerability does not exist in ClearQuest version 8.0.0.0 or later.

Remediation/Fixes

Upgrade to Rational ClearQuest Fix Pack 7 (7.1.2.7) for 7.1.2.

Note: If you decide to upgrade to version 8.0 (where this issue does not exist), be sure to apply Rational ClearQuest Fix Pack 3 (8.0.0.3) for 8.0 or later to ensure that your update includes additional security fixes.

Workarounds and Mitigations

Workaround:

Use ClearQuest desktop applications.

Mitigation:

Examine text names in the ClearQuest Web client and do not input or execute text names that attempt to execute JavaScript code.
