42 matches found
CVE-2007-5090
CVE-2007-5090 : IBM Rational ClearQuest contains an unspecified vulnerability that, when using Microsoft SQL Server or IBM DB2, could allow a local attacker to manipulate data. The connected IBM/DB2 bulletin confirms exposure in CQ and notes a low (1.2) CVSS base score with local access; no mitig...
CVE-2012-0708
CVE-2012-0708 is an in-application heap-based buffer overflow in the CQOle ActiveX control (cqole.dll) of IBM Rational ClearQuest. The overflow arises from a function prototype mismatch in RegisterSchemaRepoFromFileByDbSet, enabling remote code execution on Windows if CQOle DLLs are installed and...
CVE-2012-2165
CVE-2012-2165 affects IBM Rational ClearQuest 7.x before 7.1.2.7 and 8.x before 8.0.0.3. When ClearQuest Authentication is enabled, remote authenticated users can read password hashes via a user query, an information-disclosure flaw. The IBM bulletin confirms this as a vulnerability in the ClearQ...
CVE-2010-4601
CVE-2010-4601 affects IBM Rational ClearQuest versions: 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1. The vulnerabilities enable unknown impact via vectors related to third-party .ocx files. Vulnerable components/versions are identified in the initial description; the...
CVE-2008-5327
The CVE-2008-5327 entry concerns the IBM Rational ClearQuest Maintenance Tool (ClearQuest 7 before 7.1). The vulnerability arises because the maintenance tool stores the database password in cleartext within an object in a ClearQuest connection profile or export file, enabling remote authenticate...
CVE-2011-1205
The CVE-2011-1205 entry concerns multiple buffer overflows in unspecified COM objects within IBM Rational licensing components used by Rational ClearCase 7.0.0.4–7.1.1.4, ClearQuest 7.0.0.4–7.1.1.4, and related products. The root cause is buffer overflows in COM objects that can be triggered by r...
CVE-2012-0744
The CVE-2012-0744 entry is supported by IBM’s Security Bulletin for ClearQuest Web leftovers: the ClearQuest Web deployment into WebSphere includes sample/debug scripts that are unnecessary and may disclose information, potentially aiding an attacker. Affected products/versions: IBM Rational Clea...
CVE-2008-5330
CVE-2008-5330 involves multiple XSS vulnerabilities in the web interface of IBM Rational ClearCase RWP server. Affected products/releases include ClearCase 7.0.0 prior to 7.0.0.4 and 7.0.1.1-RATL-RCC-IFIX02, and possibly other 7.0.1 versions before 7.0.1.3. The issue allows remote attackers to in...
CVE-2007-1468
CVE-2007-1468 affects IBM Rational ClearQuest Web 7.0.0.0. The vulnerability is a Cross-Site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry in CQ Web. The connected documents confirm the affected product and entry p...
CVE-2008-5324
CVE-2008-5324 describes multiple cross-site scripting (XSS) vulnerabilities in CQ Web of IBM Rational ClearQuest 2007 (before 2007D) and 2008 (before 2008B). The underlying issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact includes...
CVE-2007-4592
CVE-2007-4592 concerns multiple XSS flaws in IBM Rational ClearQuest CQWeb/Web login interface. The web UI fails to sanitize input for parameters (contextid, username, userNameVal, schema), enabling remote attackers to inject arbitrary HTML/JS that runs in the victim’s browser. Affected products ...
CVE-2008-3550
The CVE-2008-3550 entry affects IBM Rational ClearQuest 7.0.1 CQWeb: the login page may reveal potentially sensitive information (page source code) via crafted id field input using ?script? and ?/script? sequences, indicating a cross-site scripting (XSS) issue. The issue is described consistently...
CVE-2012-2169
CVE-2012-2169 affects the IBM Rational ClearQuest Web client. The vulnerability is a Cross-Site Scripting (XSS) flaw in the file-upload functionality where the File Description field can be abused to inject arbitrary web script or HTML. Affected product: ClearQuest Web Client prior to version 7.1...
CVE-2012-2205
Summary: CVE-2012-2205 is a Cross-Site Scripting (XSS) vulnerability in the IBM Rational ClearQuest Web client. The issue affects ClearQuest Web clients prior to version 7.1.2.7 and 8.0.0.3. Impact / root cause: remote authenticated users can inject arbitrary web script or HTML via a workspace qu...
CVE-2024-28796
Summary: IBM Rational ClearQuest (CQ) 9.1–9.1.0.6 is vulnerable to a stored cross-site scripting (XSS) in the Web UI, allowing embedding of arbitrary JavaScript that can alter functionality and potentially lead to credentials disclosure within a trusted session. Root cause (as described): lack of...
CVE-2012-2168
IBM Rational ClearQuest Web versions prior to 7.1.2.7 and 8.0.0.3 are affected by CVE-2012-2168, which allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. The issue is a information disclosure in ClearQuest Web erro...
CVE-2013-0598
IBM Rational ClearQuest Web Client is affected by a CSRF vulnerability (CVE-2013-0598) in versions 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1, which could allow remote attackers to hijack a user’s authenticated session. The issue is documented by an IBM Security Bulletin an...
CVE-2014-8925
CVE-2014-8925 is a CSRF vulnerability in IBM Rational ClearQuest Web. It affects IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7. The issue is caused by improper validation in the DoLogout action, allowing an authenticated user to be logged out v...
CVE-2009-2212
CVE-2009-2212 affects the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5, where an attacker can discover a user’s credentials (username or password) via unspecified vectors. The published description does not specify the exact exploit path or affected compon...
CVE-2008-5325
Technical details (affected products/versions/root cause/fixes) are not publicly available in the provided connected documents. Monitor for updates.
CVE-2010-4603
IBM Rational ClearQuest is affected by CVE-2010-4603: specific releases (7.0.x before 7.0.1.11; 7.1.1.x before 7.1.1.4; 7.1.2.x before 7.1.2.1) do not prevent modification of back-reference fields. This allows remote authenticated users to interfere with intended record relationships by adding or...
CVE-2011-1390
IBM Rational ClearQuest Maintenance tool on Windows is affected by a SQL Injection in the database upgrade feature. The vulnerability exists for ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2, where an attacker who can run the Maintenance tool and connect to the...
CVE-2012-4839
The OSLC interface in IBM Rational ClearQuest Web (CQ Web) is affected by CVE-2012-4839. Affected: ClearQuest Web server 7.1.2.0–7.1.2.8 and 8.0.0.0–8.0.0.4. Root cause: OSLC dialog/frame handling allows phishing attacks via a FRAME element. CVSS base score 4.3 (MEDIUM). Remediation: upgrade to 7...
CVE-2010-2517
CVE-2010-2517 affects IBM Rational ClearQuest prior to 7.1.1.02. The connected sources provide no concrete root cause or exploit details beyond “multiple unspecified vulnerabilities” demonstrated by an AppScan report. The CVSS/metrics in the NVD entry indicate a Network attack vector with low com...
CVE-2009-4357
CVE-2009-4357 affects IBM Rational ClearQuest CQWeb (the web interface) prior to version 7.1.1. The root cause is improper handling of legacy URLs used for automatic login, which could allow remote attackers to discover user passwords through unspecified vectors. Affected component: CQWeb web int...
CVE-2010-4600
CVE-2010-4600 affects IBM Rational ClearQuest Web Client using Dojo Toolkit: versions 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 expose cookie data to remote attackers who navigate to a Dojo file via an related “open direct” issue. The vulnerability is an information disclosure in the Dojo...
CVE-2008-1288
IBM Rational ClearQuest versions 7.0.1.1 and 7.0.0.2 are affected by a vulnerability that could allow local or remote attackers to obtain sensitive information about users by reading user cookies. The connected sources confirm the affected product/version and the impact tied to cookie leakage, bu...
CVE-2009-2211
CVE-2009-2211 describes a cross-site scripting (XSS) vulnerability in the CQWeb server of IBM Rational ClearQuest. Affected product versions are IBM Rational ClearQuest CQWeb 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5. The issue allows remote attackers to inject arbitrary web script or HTML vi...
CVE-2010-4602
IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 contains a web client vulnerability that allows remote authenticated users to bypass the “restricted user” restrictions and read arbitrary records by modifying the record number in the URL for a RECORD action (e.g., via a b...
CVE-2013-3041
IBM Rational ClearQuest Web Client contains a JSON Hijacking vulnerability (CVE-2013-3041) that could allow remote attackers to disclose sensitive information from the client–server data stream. Affected are ClearQuest Web: 7.1.x before 7.1.2.12, 8.0.x before 8.0.0.8, and 8.0.1.x before 8.0.1.1. ...
CVE-2008-1287
Technical details about CVE-2008-1287 are not publicly provided in the supplied documents. Monitor for updates; current sources summarize a username enumeration issue in IBM Rational ClearQuest without further technical specifics.
CVE-2012-2164
The CVE-2012-2164 entry affects IBM Rational ClearQuest Web. The Web client on ClearQuest versions 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions and use the Site Administration menu to modify system settings via a parameter-ta...
CVE-2005-2994
The CVE-2005-2994 entry concerns the IBM Rational ClearQuest web client (versions 2002.05.00/2002.05.20 and 2003.06.00–2003.06.15 before SR5). The vulnerability is described as an unspecified issue that allows remote attackers to execute XML Stylesheets (XSS) via the web client. The connected doc...
CVE-2007-4368
The CVE-2007-4368 entry relates to IBM Rational ClearQuest Web 7.0.0.0-IFIX02 and 7.0.0.1, where an SQL injection vulnerability exists in /main via the username parameter in a GenerateMainFrame command. The issue allows remote attackers to execute arbitrary SQL commands and has a high impact (par...
CVE-2008-5329
The CVE-2008-5329 issue affects ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 . An attacker could direct a client’s submissions and changes to an arbitrary database by configuring multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties fi...
CVE-2008-5328
The CVE-2008-5328 entry concerns the ClearQuest Maintenance Tool in IBM Rational ClearQuest before version 7. It states that the product stores the database password in cleartext inside an object in a ClearQuest connection profile or export file, enabling remote authenticated users to retrieve th...
CVE-2014-0950
Concrete details found: CVE-2014-0950 affects IBM Rational ClearQuest components (CQWeb/CM Server, ClearQuest Native client, ClearQuest Eclipse client, ClearQuest Eclipse Designer). The root cause is XML External Entity (XXE) processing allowing remote attackers to cause a denial of service or ac...
CVE-2016-2922
CVE-2016-2922 affects IBM Rational ClearQuest (CQ OSLC linkages, EmailRelay) where the SSL certificate is not validated against the requested hostname, enabling MITM with spoofed servers. Affected versions: 8.0.x (8.0 through 8.0.0.21 and 8.0.1 through 8.0.1.17) and 9.x (9.0 through 9.0.1.3). Imp...
CVE-2008-5326
The CVE-2008-5326 issue affects IBM Rational ClearQuest (Maintenance Tool) for Windows, specifically 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3. The vulnerability allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a serie...
CVE-2012-5757
CVE-2012-5757 concerns a Cross-Site Scripting (XSS) vulnerability in the IBM Rational ClearQuest Web Client . The issue affects ClearQuest Web Clients before version 7.1.2.10 and before version 8.0.0.6 . The root cause is an XSS flaw that allows remote attackers to inject arbitrary web script or ...
CVE-2012-5765
IBM Rational ClearQuest Web (CQ Web) is affected in 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5. The vulnerability allows remote attackers to disclose sensitive information via SQL error messages (SQL Error Message Attack). Affected component is the ClearQuest Web client; desktop/CLI is not...
CVE-2015-4996
CVE-2015-4996 affects IBM Rational ClearQuest 7.1.x and 8.0.0.x (before 8.0.0.17) and 8.0.1.x (before 8.0.1.10). A local attacker can trick the application into connecting to a fake database server to obtain credentials. Impact: credential disclosure without remote access. Remediation: upgrade to...