Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_RATIONAL_CLEARQUEST_7_1_2_9.NASL
HistoryDec 21, 2012 - 12:00 a.m.

IBM Rational ClearQuest 7.1.x < 7.1.2.9 / 8.0.0.x < 8.0.0.5 Multiple Vulnerabilities (credentialed check)

2012-12-2100:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
48

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.9 / 8.0.0.x prior to 8.0.0.5 installed. It is, therefore, affected by the following vulnerabilities :

  • An unspecified input validation error exists related to the Open Services for Lifecycle Collaboration (OSLC) system that can allow cross-site scripting attacks. Note that this issue only affects systems if the ‘CQ Web Server’ is deployed. This vulnerability only affects the 7.1.2.x versions of ClearQuest. (CVE-2012-4839)

  • An unspecified input validation error exists that can allow sensitive information to be disclosed via SQL error messages. (CVE-2012-5765 / PM72905)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63323);
  script_version("1.7");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2012-4839", "CVE-2012-5765");
  script_bugtraq_id(56946);

  script_name(english:"IBM Rational ClearQuest 7.1.x < 7.1.2.9 / 8.0.0.x < 8.0.0.5 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks the version of IBM Rational ClearQuest.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has software installed that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host has a version of IBM Rational ClearQuest 7.1.x prior
to 7.1.2.9 / 8.0.0.x prior to 8.0.0.5 installed. It is, therefore,
affected by the following vulnerabilities :

  - An unspecified input validation error exists related to
    the Open Services for Lifecycle Collaboration (OSLC)
    system that can allow cross-site scripting attacks. Note
    that this issue only affects systems if the 'CQ Web
    Server' is deployed. This vulnerability only affects the
    7.1.2.x versions of ClearQuest. (CVE-2012-4839)

  - An unspecified input validation error exists that can
    allow sensitive information to be disclosed via SQL
    error messages. (CVE-2012-5765 / PM72905)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21620342");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21620048");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21620296");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Rational ClearQuest 7.1.2.9 / 8.0.0.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5765");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_clearquest");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_rational_clearquest_installed.nasl");
  script_require_keys("installed_sw/IBM Rational ClearQuest");

  exit(0);
}

include('ibm_rational_clearquest_version.inc');

rational_clearquest_check_version(
  fixes:make_nested_list(
    make_array("Min", "7.1.0", "Fix UI", "7.1.2.9", "Fix", "7.1209.0.148"),
    make_array("Min", "8.0.0", "Fix UI", "8.0.0.5", "Fix", "8.5.0.691")),
  components:make_list("Web Client"),
  severity:SECURITY_WARNING
);
VendorProductVersionCPE
ibmrational_clearquestcpe:/a:ibm:rational_clearquest

Related

cvelist 2
nvd 2
ibm 2
cve 2
prion 2
cvelist
cvelist
CVE-2012-4839
2012-12-20 11:00:00
CVE-2012-5765
2012-12-20 11:00:00
nvd
nvd
CVE-2012-4839
2012-12-20 12:02:17
CVE-2012-5765
2012-12-20 12:02:19
ibm
ibm
Security Bulletin: ClearQuest Phishing Through Frames Vulnerability (CVE-2012-4839)
2018-06-17 04:42:22
Security Bulletin: ClearQuest SQL Error Message Attack Vulnerability (CVE-2012-5765)
2018-06-17 04:42:22
cve
cve
CVE-2012-5765
2012-12-20 12:02:19
CVE-2012-4839
2012-12-20 12:02:17
prion
prion
Design/Logic Flaw
2012-12-20 12:02:00
Information disclosure
2012-12-20 12:02:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON
Related for IBM_RATIONAL_CLEARQUEST_7_1_2_9.NASL
cvelist2nvd2ibm2cve2prion2