Security Bulletin: SQL Injection for IBM Rational ClearQuest Maintenance tool (CVE-2011-1390)

Summary The IBM Rational ClearQuest Maintenance tool on Microsoft Windows platforms contains a feature to upgrade the user database. This feature is subject to a SQL Injection attack. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like thi...

IBM Rational ClearQuest 7.1.1.x < 7.1.1.9 / 7.1.2.x < 7.1.2.6 / 8.0.0.x < 8.0.0.2 Multiple Vulnerabilities (credentialed check)

The remote host is running a version of IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.9 / 7.1.2.x prior to 7.1.2.6 / 8.0.0.x prior to 8.0.0.2 installed. It is, therefore, affected by the following vulnerabilities : - A SQL injection vulnerability exists in the ClearQuest Maintenance tool when...

CVE-2011-1390

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature...

CVE-2011-1390

IBM Rational ClearQuest Maintenance tool on Windows is affected by a SQL Injection in the database upgrade feature. The vulnerability exists for ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2, where an attacker who can run the Maintenance tool and connect to the...