Security Bulletin: Information Disclosure ClearQuest Web stack traces (CVE-2012-2168)

Summary

IBM Rational ClearQuest Web sometimes displays stack trace information in error messages. This is considered an information disclosure that may be assistance to attackers in crafting their attacks.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

CVE ID: CVE-2012-2168****

Description: ClearQuest Web sometimes displays stack trace information in error messages. This is considered an information disclosure that may be of assistance to attackers in crafting their attacks.

Starting with ClearQuest 7.1.2.7 and 8.0.0.3, this stack trace information is not displayed for CM Server web error messages.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/75048&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected Products and Versions

IBM Rational ClearQuest Web prior to version 7.1.27 or 8.0.0.3.

Remediation/Fixes

Upgrade to one of the following releases:

• Rational ClearQuest Fix Pack 3 (8.0.0.3) for 8.0
• Rational ClearQuest Fix Pack 7 (7.1.2.7) for 7.1.2

Workarounds and Mitigations

Workaround:

Use ClearQuest desktop applications.

Mitigation:

None