Rational Clearquest@7.1.1.7 Security Vulnerabilities and Issues — Rational Clearquest@7.1.1.7 CVE List

Lucene search

IbmRational Clearquest7.1.1.7

12 matches found

CVE•added 2012/08/17 8:55 p.m.•52 views

CVE-2012-2165

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

3.5CVSS6.3AI score0.00151EPSS

CVE•added 2012/08/17 8:55 p.m.•48 views

CVE-2012-0744

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVX...

5CVSS6.1AI score0.05964EPSS

CVE•added 2012/08/17 8:55 p.m.•45 views

CVE-2012-2205

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2013/09/28 3:40 a.m.•45 views

CVE-2013-0598

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.

6.8CVSS7.2AI score0.00119EPSS

CVE•added 2012/08/17 8:55 p.m.•44 views

CVE-2012-2169

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2012/05/14 10:55 p.m.•43 views

CVE-2011-1390

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

7.5CVSS8.4AI score0.00658EPSS

CVE•added 2015/03/25 1:59 a.m.•43 views

CVE-2014-8925

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

6.8CVSS6.6AI score0.00148EPSS

CVE•added 2012/08/17 8:55 p.m.•42 views

CVE-2012-2168

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.

4CVSS5.8AI score0.00179EPSS

CVE•added 2013/10/01 12:55 a.m.•37 views

CVE-2013-3041

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."

4.3CVSS6AI score0.00207EPSS

CVE•added 2012/08/17 8:55 p.m.•36 views

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

5.5CVSS6.1AI score0.00154EPSS

CVE•added 2013/03/21 8:55 p.m.•35 views

CVE-2012-5757

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.6AI score0.00266EPSS

CVE•added 2016/01/02 5:59 a.m.•34 views

CVE-2015-4996

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

5.1CVSS4.8AI score0.00049EPSS