Rational Clearquest Security Vulnerabilities and Issues — Rational Clearquest CVE List

Lucene search

IbmRational Clearquest

11 matches found

CVE•added 2012/08/17 8:55 p.m.•48 views

CVE-2012-0744

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVX...

5CVSS6.1AI score0.05964EPSS

CVE•added 2008/08/08 7:41 p.m.•43 views

CVE-2008-3550

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

5CVSS5.6AI score0.00264EPSS

CVE•added 2009/06/25 5:30 p.m.•40 views

CVE-2009-2212

The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.

5CVSS6.6AI score0.00267EPSS

CVE•added 2009/12/18 7:30 p.m.•40 views

CVE-2009-4357

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

5CVSS6.4AI score0.00337EPSS

CVE•added 2008/03/11 5:44 p.m.•39 views

CVE-2008-1288

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.

5CVSS5.9AI score0.00464EPSS

CVE•added 2008/03/11 5:44 p.m.•37 views

CVE-2008-1287

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

5CVSS6.5AI score0.00503EPSS

CVE•added 2018/08/13 4:29 p.m.•37 views

CVE-2016-2922

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X...

5.9CVSS5.5AI score0.00203EPSS

CVE•added 2012/08/17 8:55 p.m.•36 views

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

5.5CVSS6.1AI score0.00154EPSS

CVE•added 2010/12/29 6:0 p.m.•34 views

CVE-2010-4600

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

5CVSS6.5AI score0.00234EPSS

CVE•added 2012/12/20 12:2 p.m.•34 views

CVE-2012-5765

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.

5CVSS6.5AI score0.00254EPSS

CVE•added 2016/01/02 5:59 a.m.•34 views

CVE-2015-4996

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

5.1CVSS4.8AI score0.00049EPSS