CVE-2015-4996
https://notcve.org/view.php?id=CVE-2015-4996
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972331 http://www.securitytracker.com/id/1034558 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8925
https://notcve.org/view.php?id=CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan un cierre de sesión o insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21699148 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-3041
https://notcve.org/view.php?id=CVE-2013-3041
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack." El Cliente Web en IBM Rational ClearQuest 7.1 anteriores a 7.1.2.12, 8.0 anteriores a 8.0.0.8, y 8.01 anteriores a 8.0.1.1 permite a atacantes remotos obtener información sensible del flujo de datos cliente-servidor a través de vectores no especificados asociados con un "ataque de secuestro JSON". • http://www-01.ibm.com/support/docview.wss?uid=swg21648086 https://exchange.xforce.ibmcloud.com/vulnerabilities/84724 •
CVE-2011-1205
https://notcve.org/view.php?id=CVE-2011-1205
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. Múltiples desbordamientos de búfer en objetos COM no especificados de Rational Common Licensing v7.0 hasta v7.1.1.4 en IBM Rational ClearCase v7.0.0.4 hasta v7.1.1.4, ClearQuest v7.0.0.4 hasta v7.1.1.4 y otros productos, permite a usuarios locales ganar privilegios a través de un documento HTML caballo de troya en la zona de Mi PC • http://www.ibm.com/support/docview.wss?uid=swg21470998 http://www.securitytracker.com/id?1025268 http://www.securitytracker.com/id?1025269 http://www.vupen.com/english/advisories/2011/0832 https://exchange.xforce.ibmcloud.com/vulnerabilities/66304 https://exchange.xforce.ibmcloud.com/vulnerabilities/66324 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4603
https://notcve.org/view.php?id=CVE-2010-4603
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. IBM Rational ClearQuest 7.0.x anteriores a v7.0.1.11, v7.1.1.x anteriores a v7.1.1.4, y v7.1.2.x anteriores a v7.1.2.1 no previene la modificación de campos referencia hacia atrás, lo que permite a usuarios remotos autenticados interferir con las relaciones de registros establecidas, y posiblemente causar una denegación de servicio (bucle) u otro tipo de impacto no especificado, a través de (1) la inclusión o (2) la eliminación de una referencia hacia atrás. • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186 http://www-01.ibm.com/support/docview.wss?uid=swg21125139 http://www.securityfocus.com/bid/45648 https://exchange.xforce.ibmcloud.com/vulnerabilities/64439 •