Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

IBM Rational ClearQuest 8.0.0.x < 8.0.0.9 / 8.0.1.x < 8.0.1.2 Information Disclosure (credentialed check)

🗓️ 12 Mar 2015 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 34 Views

IBM Rational ClearQuest 8.0.0.x < 8.0.0.9 / 8.0.1.x < 8.0.1.2 Information Disclosur

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Information Disclosure (CVE-2013-5422)
17 Jun 201804:50
ibm
CVE		CVE-2013-5422
19 Dec 201322:00
cve
Cvelist		CVE-2013-5422
19 Dec 201322:00
cvelist
EUVD		EUVD-2013-5262
7 Oct 202500:30
euvd
NVD		CVE-2013-5422
19 Dec 201322:55
nvd
Prion		Code injection
19 Dec 201322:55
prion
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81781);
  script_version("1.3");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  script_cve_id("CVE-2013-5422");
  script_bugtraq_id(64340);

  script_name(english:"IBM Rational ClearQuest 8.0.0.x < 8.0.0.9 / 8.0.1.x < 8.0.1.2 Information Disclosure (credentialed check)");
  script_summary(english:"Checks the version of IBM Rational ClearQuest.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has software installed that is affected by an
information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host has a version of IBM Rational ClearQuest 8.0.0.x
prior to 8.0.0.9 / 8.0.1.x prior to 8.0.1.2 installed. It is,
therefore, potentially affected by an unspecified information
disclosure vulnerability which allows an attacker to view database
names.

Note that this only affects the Web Client component when multiple
user databases are used.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21660036");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Rational ClearQuest 8.0.0.9 / 8.0.1.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_clearquest");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies('ibm_rational_clearquest_installed.nasl');
  script_require_keys('installed_sw/IBM Rational ClearQuest', "Settings/ParanoidReport");

  exit(0);
}

include('ibm_rational_clearquest_version.inc');

rational_clearquest_check_version(
  fixes:make_nested_list(
    make_array("Min", "7.1.0.0", "Fix UI", "8.0.0.9", "Fix", "8.9.0.709"),
    make_array("Min", "8.0.1.0", "Fix UI", "8.0.1.2", "Fix", "8.102.0.411")),
  components:make_list("Web Client"),
  severity:SECURITY_WARNING,
  paranoid:TRUE   #only affects Web client component & multiple user databases must be used
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jul 2018 19:01Current
5.6Medium risk
Vulners AI Score5.6
CVSS 24.3
EPSS0.01191
ibm rational clearquestinformation disclosureweb client
34