IBM741E494F02213A59151F881E2C779D3EF9B4AB2371D05348094B6927DC5B6CCCSecurity Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Cross-Site Request Forgery (CVE-2013-0598)
0.001 Low
EPSS
Percentile
48.7%
Summary
A Cross-Site Request Forgery (CSRF) Attack vulnerability exists in IBM Rational ClearQuest Web Client.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
—|—
CVE ID:CVE-2013-0598
Description:
An unspecified vulnerability in IBM Rational ClearQuest Web Client could allow an attacker to perform a Cross-Site Request Forgery (CSRF) Attack. A CSRF Attack may trick the user’s web browser to perform an unwanted action.
CVSS Base Score: 3.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83611> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/AU:S/C:N/I:P/A:N)
Affected Products and Versions
Rational ClearQuest Web 7.1 through 7.1.2.10, 8.0 through 8.0.0.7, and 8.0.1
Remediation/Fixes
Upgrade to one of the below versions of IBM Rational ClearQuest:
- http://www.ibm.com/support/docview.wss?uid=swg24035652">Rational ClearQuest Fix Pack 12 (7.1.2.12) for 7.1.2
- http://www.ibm.com/support/docview.wss?uid=swg24035654">Rational ClearQuest Fix Pack 8 (8.0.0.8) for 8.0
- Rational ClearQuest Fix Pack 1 (8.0.1.1) for 8.0.1
Workarounds and Mitigations
Workaround: None
Mitigation: Do not visit malicious sites or click on malicious links.
Related
0.001 Low
EPSS
Percentile
48.7%