Rational Clearquest Security Vulnerabilities and Issues — Rational Clearquest CVE List

Lucene search

IbmRational Clearquest

10 matches found

CVE•added 2012/04/22 6:55 p.m.•143 views

CVE-2012-0708

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByD...

9.3CVSS7.8AI score0.66566EPSS

CVE•added 2012/08/17 8:55 p.m.•52 views

CVE-2012-2165

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

3.5CVSS6.3AI score0.00151EPSS

CVE•added 2012/08/17 8:55 p.m.•48 views

CVE-2012-0744

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVX...

5CVSS6.1AI score0.05964EPSS

CVE•added 2012/08/17 8:55 p.m.•45 views

CVE-2012-2205

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2012/08/17 8:55 p.m.•44 views

CVE-2012-2169

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2012/05/14 10:55 p.m.•43 views

CVE-2011-1390

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

7.5CVSS8.4AI score0.00658EPSS

CVE•added 2012/12/20 12:2 p.m.•43 views

CVE-2012-4839

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.

4.3CVSS6.6AI score0.00227EPSS

CVE•added 2012/08/17 8:55 p.m.•42 views

CVE-2012-2168

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.

4CVSS5.8AI score0.00179EPSS

CVE•added 2012/08/17 8:55 p.m.•36 views

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

5.5CVSS6.1AI score0.00154EPSS

CVE•added 2012/12/20 12:2 p.m.•34 views

CVE-2012-5765

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.

5CVSS6.5AI score0.00254EPSS