Jun 17, 2018 - 4:42 a.m.

Security Bulletin: ClearQuest SQL Error Message Attack Vulnerability (CVE-2012-5765)

www.ibm.com

EPSS: 0.003 (Low); Percentile: 69.1%

Summary

The IBM Rational ClearQuest Web client contains a SQL Error Message Attack vulnerability.

Vulnerability Details

CVE ID: CVE-2012-5765

Description: The ClearQuest Web client is vulnerable to a SQL Error Message Attack. Such attacks may disclose information, such as server information or information contained in the database, that is helpful in creating other attacks. SQL Error Message Attacks are considered a form of SQL Injection Attack.

This vulnerability does not exist in the ClearQuest desktop clients or command line utilities.

CVSS Base Score: 5

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/80211> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
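
The error-disclosure class named in the Description, shown as an added example: this is not IBM's code and does not represent ClearQuest internals or its fix. The `defects` table, the function names and the malformed input are constructed; the "before" handler echoes the driver's error text to the client, the "after" handler validates input, binds the parameter and keeps the details in the server log.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("webapp.db")  # hypothetical logger name


def make_db():
    """Constructed in-memory table standing in for an application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE defects (id INTEGER PRIMARY KEY, headline TEXT)")
    db.execute("INSERT INTO defects VALUES (1, 'Login page crash')")
    return db


def lookup_leaky(db, defect_id):
    """Before: string-built query, raw driver error returned to the client."""
    try:
        sql = "SELECT headline FROM defects WHERE id = " + defect_id
        row = db.execute(sql).fetchone()
        return 200, row[0] if row else "not found"
    except sqlite3.Error as exc:
        # The response body now carries SQL engine and schema details.
        return 500, f"Database error: {exc}"


def lookup_hardened(db, defect_id):
    """After: validate, bind the parameter, log details server-side only."""
    # ASCII digits only, bounded length (rejects Unicode digits and overflow).
    if not re.fullmatch(r"[0-9]{1,9}", defect_id):
        return 400, "Invalid record id."
    try:
        row = db.execute(
            "SELECT headline FROM defects WHERE id = ?", (int(defect_id),)
        ).fetchone()
        return (200, row[0]) if row else (404, "Record not found.")
    except sqlite3.Error:
        # Correlation id lets support find the full traceback in the log
        # without exposing any of it in the HTTP response.
        ref = uuid.uuid4().hex[:8]
        log.exception("query failed ref=%s", ref)
        return 500, f"Internal error (ref {ref})."
```
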

Affected Products and Versions

ClearQuest Web Clients prior to version 7.1.2.9 or version 8.0.0.5.

Remediation/Fixes

Upgrade to ClearQuest version 7.1.2.9 or 8.0.0.5.

Workarounds and Mitigations

Workaround: Use ClearQuest desktop applications

Mitigation: None
