Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.IBM_RATIONAL_CLEARQUEST_8_0_1_1.NASL
HistoryMar 12, 2015 - 12:00 a.m.

IBM Rational ClearQuest 7.1.x < 7.1.2.12 / 8.0.0.x < 8.0.0.8 / 8.0.1.x < 8.0.1.1 Multiple Vulnerabilities (credentialed check)

2015-03-1200:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
26

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.7%

JSON

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.12 / 8.0.0.x prior to 8.0.0.8 / 8.0.1.x prior to 8.0.1.1 installed. It is, therefore, potentially affected by multiple vulnerabilities :

  • An unspecified cross-site request forgery (CSRF) vulnerability exists. (CVE-2013-0598)

  • An unspecified vulnerability allows for an attacker to perform JSON hijacking attacks. (CVE-2013-3041)

Note that these vulnerabilities only affect the Web Client component.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81780);
  script_version("1.3");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  script_cve_id("CVE-2013-0598", "CVE-2013-3041");
  script_bugtraq_id(62654, 62656);

  script_name(english:"IBM Rational ClearQuest 7.1.x < 7.1.2.12 / 8.0.0.x < 8.0.0.8 / 8.0.1.x < 8.0.1.1 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks the version of IBM Rational ClearQuest.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has software installed that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host has a version of IBM Rational ClearQuest 7.1.x prior
to 7.1.2.12 / 8.0.0.x prior to 8.0.0.8 / 8.0.1.x prior to 8.0.1.1
installed. It is, therefore, potentially affected by multiple
vulnerabilities :

  - An unspecified cross-site request forgery (CSRF)
    vulnerability exists. (CVE-2013-0598)

  - An unspecified vulnerability allows for an attacker to
    perform JSON hijacking attacks. (CVE-2013-3041)

Note that these vulnerabilities only affect the Web Client component.");
  # CVE-2013-0598
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21648665");
  # CVE-2013-3041
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21648086");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Rational ClearQuest 7.1.2.12/ 8.0.0.8 / 8.0.1.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_clearquest");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies('ibm_rational_clearquest_installed.nasl');
  script_require_keys('installed_sw/IBM Rational ClearQuest', "Settings/ParanoidReport");

  exit(0);
}

include('ibm_rational_clearquest_version.inc');

rational_clearquest_check_version(
  fixes:make_nested_list(
    make_array("Min", "7.1.0.0", "Fix UI", "7.1.2.12", "Fix", "7.1212.0.162"),
    make_array("Min", "8.0.0.0", "Fix UI", "8.0.0.8",  "Fix", "8.8.0.706"),
    make_array("Min", "8.0.1.0", "Fix UI", "8.0.1.1",  "Fix", "8.101.0.407")),
  components:make_list("Web Client"),
  severity:SECURITY_WARNING,
  xsrf:TRUE
);
VendorProductVersionCPE
ibmrational_clearquestcpe:/a:ibm:rational_clearquest

Related

cvelist 2
nvd 2
ibm 2
cve 2
prion 2
cvelist
cvelist
CVE-2013-3041
2013-10-01 00:00:00
CVE-2013-0598
2013-09-28 01:00:00
nvd
nvd
CVE-2013-3041
2013-10-01 00:55:12
CVE-2013-0598
2013-09-28 03:40:55
ibm
ibm
Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041)
2018-06-17 04:47:34
Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Cross-Site Request Forgery (CVE-2013-0598)
2018-06-17 04:47:41
cve
cve
CVE-2013-3041
2013-10-01 00:55:12
CVE-2013-0598
2013-09-28 03:40:55
prion
prion
Information disclosure
2013-10-01 00:55:00
Cross site request forgery (csrf)
2013-09-28 03:40:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.7%

JSON
Related for IBM_RATIONAL_CLEARQUEST_8_0_1_1.NASL
cvelist2nvd2ibm2cve2prion2