9 matches found
CVE-2024-28796
IBM ClearQuest CQ 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2024-28796
Summary: IBM Rational ClearQuest (CQ) 9.1–9.1.0.6 is vulnerable to a stored cross-site scripting (XSS) in the Web UI, allowing embedding of arbitrary JavaScript that can alter functionality and potentially lead to credentials disclosure within a trusted session. Root cause (as described): lack of...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-22329)
Summary IBM WebSphere Application Server (WAS) is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: IBM MQ is affected by a vulnerability within IBM WebSphere Liberty (CVE-2020-4329)
Summary A vulnerability has been found within the version of IBM WebSphere Liberty shipped with IBM MQ. Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to...
Security Bulletin: IBM MQ Appliance is vulnerable to sensitive information disclosure vulnerability (CVE-2020-4319)
Summary IBM MQ Appliance has resolved a sensitive information disclosure vulnerability. Vulnerability Details CVEID: CVE-2020-4319 DESCRIPTION: IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop could allow, under special circumstances, an authenticated user to obtain sensitive information due ...
Security Bulletin: IBM MQ Appliance is affected by multiple Java SE vulnerabilities
Summary IBM MQ Appliance has resolved multiple Java SE vulnerabilities. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low...
Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2020-5208)
Summary IBM MQ Appliance has resolved a buffer overflow vulnerability. Vulnerability Details CVEID: CVE-2020-5208 DESCRIPTION: ipmitool is vulnerable to a buffer overflow, caused by improper bounds checking by multiple functions. By sending specially crafted data, a remote authenticated attacker...
Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2020-4498)
Summary IBM MQ Appliance has resolved an information disclosure vulnerability. Vulnerability Details CVEID: CVE-2020-4498 DESCRIPTION: IBM MQ could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files. CVSS Base score: 4.1 CVSS Temporal...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-18066)
Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2018-18066 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by an error in snmp_oid_compare in snmplib/snmp_api.c. By sending a specially-crafted UDP packet, a remote attacker...