Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2020-2654)
Summary There is a vulnerability in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. This issue was disclosed as part of the IBM Java SDK updates in January 2020 deferred from Oracle Jan 2020 CPU. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTIO...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified...
Security Bulletin: A vulnerability in the GSKit component of IBM Rational ClearQuest (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability t...
Security Bulletin: Vulnerability in SSLv3 affects IBM Rational ClearQuest (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Rational ClearQuest. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-3566, CVE-2014-6457)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by ClearQuest Web and ClearQuest EmailRelay. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed ...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearQuest (CVE-2015-7450)
Summary IBM WebSphere Application Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security Bulletin:...
Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-4263, CVE-2014-4244)
Summary Flaws in the IBM Java runtime Secure Sockets implementation may expose ClearQuest Web and EmailRelay communications to an attacker. Vulnerability Details...
Security Bulletin: ClearQuest Cross-Site Scripting (XSS) Vulnerability (CVE-2012-5757)
Summary IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability. Vulnerability Details CVE ID:...
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2015-1283, CVE-2015-4947, CVE-2015-3183)
Summary IBM HTTP Server is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting IBM HTTP Server has been published in several security bulletins. Vulnerability Details Please consult these security bulletins: Security Bulletin: Denial of service...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearQuest (CVE-2015-1920)
Summary IBM WebSphere Application Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin: Security...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearQuest (CVE-2016-0466)
Summary IBM WebSphere Application Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin: Multiple...
Security Bulletin: Vulnerabilities in RC4 stream cipher affects ClearQuest (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Security Bulletin: Missing Secure Attribute in Encrypted Session (SSL) Cookie in ClearQuest Web (CVE-2014-3103)
Summary IBM Rational ClearQuest Web is vulnerable to Missing Secure Attribute in Encrypted Session (SSL) Cookie. Vulnerability Details...
Security Bulletin: ClearQuest Web parameter tampering to elevated privileges (CVE-2012-2164)
Summary The IBM Rational ClearQuest Web client is subject to an elevated privileges attack. This allows an attacker to access the Site Administration menu. Vulnerability Details...
Security Bulletin: Information Disclosure ClearQuest Web stack traces (CVE-2012-2168)
Summary IBM Rational ClearQuest Web sometimes displays stack trace information in error messages. This is considered an information disclosure that may be of assistance to attackers in crafting their attacks. Vulnerability Details...
Security Bulletin: ClearQuest Web leftover scripts (CVE-2012-0744)
Summary The IBM ClearQuest web server deployment into IBM WebSphere Application Server also installs some sample scripts. These are unnecessary and may provide information disclosure that could assist an attacker. Vulnerability Details...
Security Bulletin: ClearQuest Help System Open Redirect (CVE-2012-2159)
Summary Some scripts inside the IBM Rational ClearQuest web help application are vulnerable to Open Redirect attacks. Exploiting this vulnerability allows an attacker to provide a link to the victim which directs to the trusted website. If the user visits the link to the trusted website, the user...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...
CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...
IBM Rational ClearQuest Cross-Site Request Forgery Vulnerability (CNVD-2015-01981)
IBM Rational ClearQuest is a suite of Application Lifecycle Management (ALM) software from IBM, USA. The software provides defect tracking, process customization, and real-time reporting for applications to improve visibility and control of the development cycle. A cross-site request forgery...