IBMF81EB9895152BB69869441EF797B023207C8C7D6729974E677685F62593B6705Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041)
0.002 Low
EPSS
Percentile
61.7%
Summary
A JSON Hijacking Attack vulnerability exists in IBM Rational ClearQuest Web Client.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
—|—
CVE ID:CVE-2013-3041
**Description:**An unspecified vulnerability in IBM Rational ClearQuest Web Client could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the ClearQuest Web Server and the browser.
CVSS Base Score: 2.6 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84724> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Affected Products and Versions
Rational ClearQuest Web 7.1 through 7.1.2.10, 8.0 through 8.0.0.7, and 8.0.1
Remediation/Fixes
Upgrade to one of the below versions of IBM Rational ClearQuest:
- Rational ClearQuest Fix Pack 1 (8.0.1.1) for 8.0.1
- Rational ClearQuest Fix Pack 8 (8.0.0.8) for 8.0
- Rational ClearQuest Fix Pack 12 (7.1.2.12) for 7.1.2
Workarounds and Mitigations
None
Related
0.002 Low
EPSS
Percentile
61.7%