Rational Clearquest Security Vulnerabilities and Issues — Rational Clearquest CVE List

Lucene search

IbmRational Clearquest

42 matches found

CVE•added 2007/09/26 8:17 p.m.•579 views

CVE-2007-5090

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.

7.5CVSS9.3AI score0.00897EPSS

CVE•added 2012/04/22 6:55 p.m.•143 views

CVE-2012-0708

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByD...

9.3CVSS7.8AI score0.66566EPSS

CVE•added 2012/08/17 8:55 p.m.•52 views

CVE-2012-2165

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

3.5CVSS6.3AI score0.00151EPSS

CVE•added 2008/12/05 12:30 a.m.•51 views

CVE-2008-5327

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object...

6.5CVSS5.8AI score0.00393EPSS

CVE•added 2010/12/29 6:0 p.m.•51 views

CVE-2010-4601

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.

10CVSS6.7AI score0.00494EPSS

CVE•added 2011/03/29 6:55 p.m.•51 views

CVE-2011-1205

Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zo...

6.9CVSS6.7AI score0.00052EPSS

CVE•added 2012/08/17 8:55 p.m.•48 views

CVE-2012-0744

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVX...

5CVSS6.1AI score0.05964EPSS

CVE•added 2007/03/16 9:19 p.m.•46 views

CVE-2007-1468

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.

4.3CVSS5.5AI score0.00483EPSS

CVE•added 2008/12/05 12:30 a.m.•46 views

CVE-2008-5330

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_I...

4.3CVSS5.8AI score0.0225EPSS

CVE•added 2012/08/17 8:55 p.m.•45 views

CVE-2012-2205

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2013/09/28 3:40 a.m.•45 views

CVE-2013-0598

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.

6.8CVSS7.2AI score0.00119EPSS

CVE•added 2024/07/17 7:15 p.m.•45 views

CVE-2024-28796

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286...

6.4CVSS5.9AI score0.00081EPSS

CVE•added 2008/12/05 12:30 a.m.•44 views

CVE-2008-5324

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00202EPSS

CVE•added 2012/08/17 8:55 p.m.•44 views

CVE-2012-2169

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2008/08/08 7:41 p.m.•43 views

CVE-2008-3550

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

5CVSS5.6AI score0.00264EPSS

CVE•added 2012/05/14 10:55 p.m.•43 views

CVE-2011-1390

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

7.5CVSS8.4AI score0.00658EPSS

CVE•added 2012/12/20 12:2 p.m.•43 views

CVE-2012-4839

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.

4.3CVSS6.6AI score0.00227EPSS

CVE•added 2015/03/25 1:59 a.m.•43 views

CVE-2014-8925

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

6.8CVSS6.6AI score0.00148EPSS

CVE•added 2012/08/17 8:55 p.m.•42 views

CVE-2012-2168

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.

4CVSS5.8AI score0.00179EPSS

CVE•added 2008/03/20 12:44 a.m.•41 views

CVE-2007-4592

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema p...

4.3CVSS5.6AI score0.16226EPSS

CVE•added 2010/12/29 6:0 p.m.•41 views

CVE-2010-4603

IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have un...

6.5CVSS6.8AI score0.00673EPSS

CVE•added 2008/12/05 12:30 a.m.•40 views

CVE-2008-5325

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00322EPSS

CVE•added 2009/06/25 5:30 p.m.•40 views

CVE-2009-2212

The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.

5CVSS6.6AI score0.00267EPSS

CVE•added 2009/12/18 7:30 p.m.•40 views

CVE-2009-4357

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

5CVSS6.4AI score0.00337EPSS

CVE•added 2010/06/30 6:30 p.m.•40 views

CVE-2010-2517

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.

7.5CVSS6.8AI score0.0036EPSS

CVE•added 2008/03/11 5:44 p.m.•39 views

CVE-2008-1288

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.

5CVSS5.9AI score0.00464EPSS

CVE•added 2007/08/15 11:17 p.m.•38 views

CVE-2007-4368

SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.

7.5CVSS8.2AI score0.06072EPSS

CVE•added 2009/06/25 5:30 p.m.•38 views

CVE-2009-2211

Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00289EPSS

CVE•added 2005/09/20 10:3 p.m.•37 views

CVE-2005-2994

Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).

6.8CVSS7.2AI score0.01045EPSS

CVE•added 2008/03/11 5:44 p.m.•37 views

CVE-2008-1287

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

5CVSS6.5AI score0.00503EPSS

CVE•added 2013/10/01 12:55 a.m.•37 views

CVE-2013-3041

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."

4.3CVSS6AI score0.00207EPSS

CVE•added 2018/08/13 4:29 p.m.•37 views

CVE-2016-2922

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X...

5.9CVSS5.5AI score0.00203EPSS

CVE•added 2008/12/05 12:30 a.m.•36 views

CVE-2008-5328

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tre...

4.6CVSS5.8AI score0.00533EPSS

CVE•added 2012/08/17 8:55 p.m.•36 views

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

5.5CVSS6.1AI score0.00154EPSS

CVE•added 2018/04/20 9:29 p.m.•36 views

CVE-2014-0950

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 throug...

7.1CVSS6.9AI score0.00452EPSS

CVE•added 2008/12/05 12:30 a.m.•35 views

CVE-2008-5329

ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.

7.5CVSS6.5AI score0.00396EPSS

CVE•added 2010/12/29 6:0 p.m.•35 views

CVE-2010-4602

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.

4CVSS6.3AI score0.00179EPSS

CVE•added 2013/03/21 8:55 p.m.•35 views

CVE-2012-5757

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.6AI score0.00266EPSS

CVE•added 2008/12/05 12:30 a.m.•34 views

CVE-2008-5326

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.

4.4CVSS6.1AI score0.00065EPSS

CVE•added 2010/12/29 6:0 p.m.•34 views

CVE-2010-4600

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

5CVSS6.5AI score0.00234EPSS

CVE•added 2012/12/20 12:2 p.m.•34 views

CVE-2012-5765

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.

5CVSS6.5AI score0.00254EPSS

CVE•added 2016/01/02 5:59 a.m.•34 views

CVE-2015-4996

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

5.1CVSS4.8AI score0.00049EPSS