Rational Clearquest Security Vulnerabilities - CVSS Score 5 - 6


CVE-2008-1287

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

6.5 AI Score

0.009 EPSS

2008-03-11 05:44 PM
28

CVE-2008-1288

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.

5.9 AI Score

0.007 EPSS

2008-03-11 05:44 PM
27

CVE-2008-3550

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of <script> and </script> sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

5.6 AI Score

0.003 EPSS

2008-08-08 07:41 PM
31

CVE-2009-2212

The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.

6.6 AI Score

0.001 EPSS

2009-06-25 05:30 PM
28

CVE-2009-4357

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

6.4 AI Score

0.002 EPSS

2009-12-18 07:30 PM
28

CVE-2010-4600

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

6.5 AI Score

0.003 EPSS

2010-12-29 06:00 PM
25

CVE-2012-0744

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVX...

6.1 AI Score

0.726 EPSS

2012-08-17 08:55 PM
32

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

6.1 AI Score

0.001 EPSS

2012-08-17 08:55 PM
25

CVE-2012-5765

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.

6.5 AI Score

0.003 EPSS

2012-12-20 12:02 PM
24

CVE-2015-4996

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

5.1 CVSS

4.8 AI Score

0.001 EPSS

2016-01-02 05:59 AM
20

CVE-2016-2922

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X...

5.9 CVSS

5.5 AI Score

0.001 EPSS

2018-08-13 04:29 PM
25