8 matches found

CVE
added 2024/07/17 7:15 p.m., 45 views

CVE-2024-28796

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286...

CVSS 6.4, AI score 5.9, EPSS 0.00081

CVE
added 2008/03/20 12:44 a.m., 41 views

CVE-2007-4592

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema p...

CVSS 4.3, AI score 5.6, EPSS 0.16226

CVE
added 2008/12/05 12:30 a.m., 40 views

CVE-2008-5325

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3, AI score 5.7, EPSS 0.00322

CVE
added 2010/06/30 6:30 p.m., 40 views

CVE-2010-2517

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.

CVSS 7.5, AI score 6.8, EPSS 0.0036

CVE
added 2018/08/13 4:29 p.m., 37 views

CVE-2016-2922

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X...

CVSS 5.9, AI score 5.5, EPSS 0.00203

CVE
added 2008/12/05 12:30 a.m., 36 views

CVE-2008-5328

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tre...

CVSS 4.6, AI score 5.8, EPSS 0.00533

CVE
added 2018/04/20 9:29 p.m., 36 views

CVE-2014-0950

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 throug...

CVSS 7.1, AI score 6.9, EPSS 0.00452

CVE
added 2008/12/05 12:30 a.m., 35 views

CVE-2008-5329

ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.

CVSS 7.5, AI score 6.5, EPSS 0.00396