Lucene search
+L
IbmRational Clearquest

42 matches found

CVE
CVE
added 2007/09/26 8:0 p.m.598 views

CVE-2007-5090

CVE-2007-5090 : IBM Rational ClearQuest contains an unspecified vulnerability that, when using Microsoft SQL Server or IBM DB2, could allow a local attacker to manipulate data. The connected IBM/DB2 bulletin confirms exposure in CQ and notes a low (1.2) CVSS base score with local access; no mitig...

7.5CVSS9.3AI score0.01934EPSS
CVE
CVE
added 2012/04/22 6:0 p.m.158 views

CVE-2012-0708

CVE-2012-0708 is an in-application heap-based buffer overflow in the CQOle ActiveX control (cqole.dll) of IBM Rational ClearQuest. The overflow arises from a function prototype mismatch in RegisterSchemaRepoFromFileByDbSet, enabling remote code execution on Windows if CQOle DLLs are installed and...

9.3CVSS7.8AI score0.3095EPSS
CVE
CVE
added 2012/08/17 8:0 p.m.73 views

CVE-2012-2165

CVE-2012-2165 affects IBM Rational ClearQuest 7.x before 7.1.2.7 and 8.x before 8.0.0.3. When ClearQuest Authentication is enabled, remote authenticated users can read password hashes via a user query, an information-disclosure flaw. The IBM bulletin confirms this as a vulnerability in the ClearQ...

3.5CVSS6.3AI score0.00987EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.67 views

CVE-2010-4601

CVE-2010-4601 affects IBM Rational ClearQuest versions: 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1. The vulnerabilities enable unknown impact via vectors related to third-party .ocx files. Vulnerable components/versions are identified in the initial description; the...

10CVSS6.7AI score0.01239EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.65 views

CVE-2008-5327

The CVE-2008-5327 entry concerns the IBM Rational ClearQuest Maintenance Tool (ClearQuest 7 before 7.1). The vulnerability arises because the maintenance tool stores the database password in cleartext within an object in a ClearQuest connection profile or export file, enabling remote authenticate...

6.5CVSS5.8AI score0.01096EPSS
CVE
CVE
added 2011/03/29 6:0 p.m.65 views

CVE-2011-1205

The CVE-2011-1205 entry concerns multiple buffer overflows in unspecified COM objects within IBM Rational licensing components used by Rational ClearCase 7.0.0.4–7.1.1.4, ClearQuest 7.0.0.4–7.1.1.4, and related products. The root cause is buffer overflows in COM objects that can be triggered by r...

6.9CVSS6.7AI score0.00372EPSS
CVE
CVE
added 2012/08/17 8:0 p.m.64 views

CVE-2012-0744

The CVE-2012-0744 entry is supported by IBM’s Security Bulletin for ClearQuest Web leftovers: the ClearQuest Web deployment into WebSphere includes sample/debug scripts that are unnecessary and may disclose information, potentially aiding an attacker. Affected products/versions: IBM Rational Clea...

5CVSS6.1AI score0.08263EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.61 views

CVE-2008-5330

CVE-2008-5330 involves multiple XSS vulnerabilities in the web interface of IBM Rational ClearCase RWP server. Affected products/releases include ClearCase 7.0.0 prior to 7.0.0.4 and 7.0.1.1-RATL-RCC-IFIX02, and possibly other 7.0.1 versions before 7.0.1.3. The issue allows remote attackers to in...

4.3CVSS5.8AI score0.0173EPSS
CVE
CVE
added 2007/03/16 9:0 p.m.59 views

CVE-2007-1468

CVE-2007-1468 affects IBM Rational ClearQuest Web 7.0.0.0. The vulnerability is a Cross-Site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry in CQ Web. The connected documents confirm the affected product and entry p...

4.3CVSS5.5AI score0.01292EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.59 views

CVE-2008-5324

CVE-2008-5324 describes multiple cross-site scripting (XSS) vulnerabilities in CQ Web of IBM Rational ClearQuest 2007 (before 2007D) and 2008 (before 2008B). The underlying issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact includes...

4.3CVSS5.7AI score0.00855EPSS
CVE
CVE
added 2008/03/20 12:0 a.m.58 views

CVE-2007-4592

CVE-2007-4592 concerns multiple XSS flaws in IBM Rational ClearQuest CQWeb/Web login interface. The web UI fails to sanitize input for parameters (contextid, username, userNameVal, schema), enabling remote attackers to inject arbitrary HTML/JS that runs in the victim’s browser. Affected products ...

4.3CVSS5.6AI score0.04495EPSS
CVE
CVE
added 2008/08/08 7:0 p.m.58 views

CVE-2008-3550

The CVE-2008-3550 entry affects IBM Rational ClearQuest 7.0.1 CQWeb: the login page may reveal potentially sensitive information (page source code) via crafted id field input using ?script? and ?/script? sequences, indicating a cross-site scripting (XSS) issue. The issue is described consistently...

5CVSS5.6AI score0.01198EPSS
CVE
CVE
added 2012/08/17 8:0 p.m.58 views

CVE-2012-2169

CVE-2012-2169 affects the IBM Rational ClearQuest Web client. The vulnerability is a Cross-Site Scripting (XSS) flaw in the file-upload functionality where the File Description field can be abused to inject arbitrary web script or HTML. Affected product: ClearQuest Web Client prior to version 7.1...

3.5CVSS5.3AI score0.01402EPSS
CVE
CVE
added 2012/08/17 8:0 p.m.58 views

CVE-2012-2205

Summary: CVE-2012-2205 is a Cross-Site Scripting (XSS) vulnerability in the IBM Rational ClearQuest Web client. The issue affects ClearQuest Web clients prior to version 7.1.2.7 and 8.0.0.3. Impact / root cause: remote authenticated users can inject arbitrary web script or HTML via a workspace qu...

3.5CVSS5.2AI score0.01402EPSS
CVE
CVE
added 2024/07/17 6:14 p.m.58 views

CVE-2024-28796

Summary: IBM Rational ClearQuest (CQ) 9.1–9.1.0.6 is vulnerable to a stored cross-site scripting (XSS) in the Web UI, allowing embedding of arbitrary JavaScript that can alter functionality and potentially lead to credentials disclosure within a trusted session. Root cause (as described): lack of...

6.4CVSS5.9AI score0.00256EPSS
CVE
CVE
added 2012/08/17 8:0 p.m.57 views

CVE-2012-2168

IBM Rational ClearQuest Web versions prior to 7.1.2.7 and 8.0.0.3 are affected by CVE-2012-2168, which allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. The issue is a information disclosure in ClearQuest Web erro...

4CVSS5.8AI score0.01082EPSS
CVE
CVE
added 2013/09/28 1:0 a.m.57 views

CVE-2013-0598

IBM Rational ClearQuest Web Client is affected by a CSRF vulnerability (CVE-2013-0598) in versions 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1, which could allow remote attackers to hijack a user’s authenticated session. The issue is documented by an IBM Security Bulletin an...

6.8CVSS7.2AI score0.00636EPSS
CVE
CVE
added 2015/03/25 1:0 a.m.57 views

CVE-2014-8925

CVE-2014-8925 is a CSRF vulnerability in IBM Rational ClearQuest Web. It affects IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7. The issue is caused by improper validation in the DoLogout action, allowing an authenticated user to be logged out v...

6.8CVSS6.6AI score0.00908EPSS
CVE
CVE
added 2009/06/25 5:0 p.m.56 views

CVE-2009-2212

CVE-2009-2212 affects the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5, where an attacker can discover a user’s credentials (username or password) via unspecified vectors. The published description does not specify the exact exploit path or affected compon...

5CVSS6.6AI score0.01009EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.55 views

CVE-2008-5325

Technical details (affected products/versions/root cause/fixes) are not publicly available in the provided connected documents. Monitor for updates.

4.3CVSS5.7AI score0.01957EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.55 views

CVE-2010-4603

IBM Rational ClearQuest is affected by CVE-2010-4603: specific releases (7.0.x before 7.0.1.11; 7.1.1.x before 7.1.1.4; 7.1.2.x before 7.1.2.1) do not prevent modification of back-reference fields. This allows remote authenticated users to interfere with intended record relationships by adding or...

6.5CVSS6.8AI score0.01744EPSS
CVE
CVE
added 2012/05/14 10:0 p.m.55 views

CVE-2011-1390

IBM Rational ClearQuest Maintenance tool on Windows is affected by a SQL Injection in the database upgrade feature. The vulnerability exists for ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2, where an attacker who can run the Maintenance tool and connect to the...

7.5CVSS8.4AI score0.02056EPSS
CVE
CVE
added 2012/12/20 11:0 a.m.55 views

CVE-2012-4839

The OSLC interface in IBM Rational ClearQuest Web (CQ Web) is affected by CVE-2012-4839. Affected: ClearQuest Web server 7.1.2.0–7.1.2.8 and 8.0.0.0–8.0.0.4. Root cause: OSLC dialog/frame handling allows phishing attacks via a FRAME element. CVSS base score 4.3 (MEDIUM). Remediation: upgrade to 7...

4.3CVSS6.6AI score0.01168EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.54 views

CVE-2010-2517

CVE-2010-2517 affects IBM Rational ClearQuest prior to 7.1.1.02. The connected sources provide no concrete root cause or exploit details beyond “multiple unspecified vulnerabilities” demonstrated by an AppScan report. The CVSS/metrics in the NVD entry indicate a Network attack vector with low com...

7.5CVSS6.8AI score0.01661EPSS
CVE
CVE
added 2009/12/18 7:0 p.m.53 views

CVE-2009-4357

CVE-2009-4357 affects IBM Rational ClearQuest CQWeb (the web interface) prior to version 7.1.1. The root cause is improper handling of legacy URLs used for automatic login, which could allow remote attackers to discover user passwords through unspecified vectors. Affected component: CQWeb web int...

5CVSS6.4AI score0.01076EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.53 views

CVE-2010-4600

CVE-2010-4600 affects IBM Rational ClearQuest Web Client using Dojo Toolkit: versions 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 expose cookie data to remote attackers who navigate to a Dojo file via an related “open direct” issue. The vulnerability is an information disclosure in the Dojo...

5CVSS6.5AI score0.01229EPSS
CVE
CVE
added 2008/03/11 5:0 p.m.52 views

CVE-2008-1288

IBM Rational ClearQuest versions 7.0.1.1 and 7.0.0.2 are affected by a vulnerability that could allow local or remote attackers to obtain sensitive information about users by reading user cookies. The connected sources confirm the affected product/version and the impact tied to cookie leakage, bu...

5CVSS5.9AI score0.01442EPSS
CVE
CVE
added 2009/06/25 5:0 p.m.52 views

CVE-2009-2211

CVE-2009-2211 describes a cross-site scripting (XSS) vulnerability in the CQWeb server of IBM Rational ClearQuest. Affected product versions are IBM Rational ClearQuest CQWeb 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5. The issue allows remote attackers to inject arbitrary web script or HTML vi...

4.3CVSS5.7AI score0.01638EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.52 views

CVE-2010-4602

IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 contains a web client vulnerability that allows remote authenticated users to bypass the “restricted user” restrictions and read arbitrary records by modifying the record number in the URL for a RECORD action (e.g., via a b...

4CVSS6.3AI score0.0115EPSS
CVE
CVE
added 2013/10/01 12:0 a.m.52 views

CVE-2013-3041

IBM Rational ClearQuest Web Client contains a JSON Hijacking vulnerability (CVE-2013-3041) that could allow remote attackers to disclose sensitive information from the client–server data stream. Affected are ClearQuest Web: 7.1.x before 7.1.2.12, 8.0.x before 8.0.0.8, and 8.0.1.x before 8.0.1.1. ...

4.3CVSS6AI score0.01066EPSS
CVE
CVE
added 2008/03/11 5:0 p.m.51 views

CVE-2008-1287

Technical details about CVE-2008-1287 are not publicly provided in the supplied documents. Monitor for updates; current sources summarize a username enumeration issue in IBM Rational ClearQuest without further technical specifics.

5CVSS6.5AI score0.01442EPSS
CVE
CVE
added 2012/08/17 8:0 p.m.51 views

CVE-2012-2164

The CVE-2012-2164 entry affects IBM Rational ClearQuest Web. The Web client on ClearQuest versions 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions and use the Site Administration menu to modify system settings via a parameter-ta...

5.5CVSS6.1AI score0.01107EPSS
CVE
CVE
added 2005/09/20 4:0 a.m.50 views

CVE-2005-2994

The CVE-2005-2994 entry concerns the IBM Rational ClearQuest web client (versions 2002.05.00/2002.05.20 and 2003.06.00–2003.06.15 before SR5). The vulnerability is described as an unspecified issue that allows remote attackers to execute XML Stylesheets (XSS) via the web client. The connected doc...

6.8CVSS7.2AI score0.01148EPSS
CVE
CVE
added 2007/08/15 11:0 p.m.50 views

CVE-2007-4368

The CVE-2007-4368 entry relates to IBM Rational ClearQuest Web 7.0.0.0-IFIX02 and 7.0.0.1, where an SQL injection vulnerability exists in /main via the username parameter in a GenerateMainFrame command. The issue allows remote attackers to execute arbitrary SQL commands and has a high impact (par...

7.5CVSS8.2AI score0.03313EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.50 views

CVE-2008-5329

The CVE-2008-5329 issue affects ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 . An attacker could direct a client’s submissions and changes to an arbitrary database by configuring multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties fi...

7.5CVSS6.5AI score0.01594EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.49 views

CVE-2008-5328

The CVE-2008-5328 entry concerns the ClearQuest Maintenance Tool in IBM Rational ClearQuest before version 7. It states that the product stores the database password in cleartext inside an object in a ClearQuest connection profile or export file, enabling remote authenticated users to retrieve th...

4.6CVSS5.8AI score0.01441EPSS
CVE
CVE
added 2018/04/20 9:0 p.m.49 views

CVE-2014-0950

Concrete details found: CVE-2014-0950 affects IBM Rational ClearQuest components (CQWeb/CM Server, ClearQuest Native client, ClearQuest Eclipse client, ClearQuest Eclipse Designer). The root cause is XML External Entity (XXE) processing allowing remote attackers to cause a denial of service or ac...

7.1CVSS6.9AI score0.01667EPSS
CVE
CVE
added 2018/08/13 4:0 p.m.49 views

CVE-2016-2922

CVE-2016-2922 affects IBM Rational ClearQuest (CQ OSLC linkages, EmailRelay) where the SSL certificate is not validated against the requested hostname, enabling MITM with spoofed servers. Affected versions: 8.0.x (8.0 through 8.0.0.21 and 8.0.1 through 8.0.1.17) and 9.x (9.0 through 9.0.1.3). Imp...

5.9CVSS5.5AI score0.00668EPSS
CVE
CVE
added 2008/12/05 12:0 a.m.48 views

CVE-2008-5326

The CVE-2008-5326 issue affects IBM Rational ClearQuest (Maintenance Tool) for Windows, specifically 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3. The vulnerability allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a serie...

4.4CVSS6.1AI score0.00276EPSS
CVE
CVE
added 2013/03/21 8:0 p.m.47 views

CVE-2012-5757

CVE-2012-5757 concerns a Cross-Site Scripting (XSS) vulnerability in the IBM Rational ClearQuest Web Client . The issue affects ClearQuest Web Clients before version 7.1.2.10 and before version 8.0.0.6 . The root cause is an XSS flaw that allows remote attackers to inject arbitrary web script or ...

4.3CVSS5.6AI score0.01148EPSS
CVE
CVE
added 2012/12/20 11:0 a.m.46 views

CVE-2012-5765

IBM Rational ClearQuest Web (CQ Web) is affected in 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5. The vulnerability allows remote attackers to disclose sensitive information via SQL error messages (SQL Error Message Attack). Affected component is the ClearQuest Web client; desktop/CLI is not...

5CVSS6.5AI score0.01354EPSS
CVE
CVE
added 2016/01/02 2:0 a.m.46 views

CVE-2015-4996

CVE-2015-4996 affects IBM Rational ClearQuest 7.1.x and 8.0.0.x (before 8.0.0.17) and 8.0.1.x (before 8.0.1.10). A local attacker can trick the application into connecting to a fake database server to obtain credentials. Impact: credential disclosure without remote access. Remediation: upgrade to...

5.1CVSS4.8AI score0.00317EPSS