Cross site request forgery (csrf)

2015-03-2501:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

CPENameOperatorVersion
rational_clearquesteq8.0.0.7
rational_clearquesteq8.0.1.4
rational_clearquesteq7.1.1.6
rational_clearquesteq8.0.0.10
rational_clearquesteq8.0.1.3
rational_clearquesteq7.1.2.2
rational_clearquesteq8.0.0.4
rational_clearquesteq7.1.2.1
rational_clearquesteq7.1.2.10
rational_clearquesteq7.1.2.13

Name	Operator	Version
rational_clearquest	eq	8.0.0.7
rational_clearquest	eq	8.0.1.4
rational_clearquest	eq	7.1.1.6
rational_clearquest	eq	8.0.0.10
rational_clearquest	eq	8.0.1.3
rational_clearquest	eq	7.1.2.2
rational_clearquest	eq	8.0.0.4
rational_clearquest	eq	7.1.2.1
rational_clearquest	eq	7.1.2.10
rational_clearquest	eq	7.1.2.13