CVE-2011-1205
https://notcve.org/view.php?id=CVE-2011-1205
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. Múltiples desbordamientos de búfer en objetos COM no especificados de Rational Common Licensing v7.0 hasta v7.1.1.4 en IBM Rational ClearCase v7.0.0.4 hasta v7.1.1.4, ClearQuest v7.0.0.4 hasta v7.1.1.4 y otros productos, permite a usuarios locales ganar privilegios a través de un documento HTML caballo de troya en la zona de Mi PC • http://www.ibm.com/support/docview.wss?uid=swg21470998 http://www.securitytracker.com/id?1025268 http://www.securitytracker.com/id?1025269 http://www.vupen.com/english/advisories/2011/0832 https://exchange.xforce.ibmcloud.com/vulnerabilities/66304 https://exchange.xforce.ibmcloud.com/vulnerabilities/66324 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4357
https://notcve.org/view.php?id=CVE-2009-4357
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. La interfaz web (también conocida como CQWeb) de IBM Rational ClearQuest antes de v7.1.1 no gestiona adecuadamente el uso de URLs antiguas de conexión automática, lo que podría permitir descubrir las contraseñas de cuentas de usuario los atacantes remotos mediante vectores no especificados. • http://secunia.com/advisories/37811 http://securitytracker.com/id?1023370 http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 http://www.securityfocus.com/bid/37385 http://www.vupen.com/english/advisories/2009/3580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1292
https://notcve.org/view.php?id=CVE-2009-1292
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. UCM-CQ en IBM Rational ClearCase 7.0.0.x versiones anteriores a v7.0.0.5, 7.0.1.x versiones anteriores a v7.0.1.4, y 7.1.x versiones anteriores a v7.1.0.1 en Linux y AIX sitúa un nombre de usuario y una contraseña en la línea de comandos, lo cual permite a usuarios locales obtener credenciales listando el proceso. • http://secunia.com/advisories/34689 http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832 http://www.securityfocus.com/bid/34483 http://www.securitytracker.com/id?1022035 http://www.vupen.com/english/advisories/2009/1017 https://exchange.xforce.ibmcloud.com/vulnerabilities/49836 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •