Security Bulletin: ClearQuest Cross-Site Scripting (XSS) Vulnerability (CVE-2012-5757)

2018-09-2918:04:03

www.ibm.com

0.002 Low

EPSS

Percentile

55.1%

JSON

Summary

IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

Follow this link for more information (requires login with your IBM ID)
—|—

CVE ID: CVE-2012-5757

Description: The ClearQuest Web client contains a Cross-Site Scripting vulnerability. This vulnerability does not exist in the ClearQuest desktop clients or command line utilities.

**CVSS Base Score:**4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/80061> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

ClearQuest Web Clients prior to version 7.1.2.10 or version 8.0.0.6.

Remediation/Fixes

Upgrade to one of the following:

Workarounds and Mitigations

Use ClearQuest desktop applications.

CPENameOperatorVersion
rational clearquesteq7.1
rational clearquesteq7.1.0.1
rational clearquesteq7.1.0.2
rational clearquesteq7.1.1
rational clearquesteq7.1.1.1
rational clearquesteq7.1.1.2
rational clearquesteq7.1.1.3
rational clearquesteq7.1.1.4
rational clearquesteq7.1.1.5
rational clearquesteq7.1.1.6

Name	Operator	Version
rational clearquest	eq	7.1
rational clearquest	eq	7.1.0.1
rational clearquest	eq	7.1.0.2
rational clearquest	eq	7.1.1
rational clearquest	eq	7.1.1.1
rational clearquest	eq	7.1.1.2
rational clearquest	eq	7.1.1.3
rational clearquest	eq	7.1.1.4
rational clearquest	eq	7.1.1.5
rational clearquest	eq	7.1.1.6

Rows per page:

1-10 of 281

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for 1BC3957C2D20A00DBC4C1E95A69FFB066E1E409F77340A14F5FBE0D47BA41FC1