CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2205
https://notcve.org/view.php?id=CVE-2012-2205
17 Aug 2012 — Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3 permite inyectar secuencias de comandos web o HTML a los usuarios remotos autenticados a través de una consulta de espacio de trabajo. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 6%CPEs: 19EXPL: 1CVE-2012-0744 – IBM Rational ClearQuest 8.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0744
17 Aug 2012 — IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. IBM Rational ClearQuest v7.1.x a v7.1.2.7 y v8.x a v8.0.0.3 permite a atacantes remotos obtener información potencia... • https://www.exploit-db.com/exploits/37643 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1390
https://notcve.org/view.php?id=CVE-2011-1390
14 May 2012 — SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. Una vulnerabilidad de inyección SQL en la herramienta de mantenimiento de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.9, v7.1.2.6, v7.1.2.x y anterior a v8.x, v8.0.0.2 permite a atacantes remotos ejecutar comandos SQL mediante el aprove... • http://osvdb.org/81815 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 66%CPEs: 14EXPL: 1CVE-2012-0708 – IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0708
22 Apr 2012 — Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. Desbordamiento de búfer en memoria dinámica en el API Ole en el control ActiveX CQOleen cqole.dll en IBM Rational ClearQuest v7.1.1 antes de v7.1.1.9, v7.1.2 antes de v7.1.2.6, y ... • https://www.exploit-db.com/exploits/19576 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2010-4600
https://notcve.org/view.php?id=CVE-2010-4600
29 Dec 2010 — Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue. Dojo Toolkit, como el usado en en el cliente Web de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anteriores a v7.1.2.1, permite a atacantes remotos leer las cookies navegando hasta el archivo Dojo, relacionado con el problema "Open direct" • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2010-4601
https://notcve.org/view.php?id=CVE-2010-4601
29 Dec 2010 — Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files. Múltiples vulnerabilidades sin especificar en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a atacantes tener un impacto no especificado a través de vectores sin especificar relacionados con archivos .ocx de terceros. • http://secunia.com/advisories/42624 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2010-4602
https://notcve.org/view.php?id=CVE-2010-4602
29 Dec 2010 — The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. El cliente web en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a usuarios autenticados remotamente evitar las limitaciones de usuario y leer registros de su elección, a... • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2010-4603
https://notcve.org/view.php?id=CVE-2010-4603
29 Dec 2010 — IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. IBM Rational ClearQuest 7.0.x anteriores a v7.0.1.11, v7.1.1.x anteriores a v7.1.1.4, y v7.1.2.x anteriores a v7.1.2.1 no previene la modific... • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2010-2517
https://notcve.org/view.php?id=CVE-2010-2517
30 Jun 2010 — Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. Múltiples vulnerabilidades no específicas en IBM Rational ClearQuest anterior al v7.1.1.02 tienen un impacto desconocido y vectores de ataque como lo demuestra un informe de AppScan • http://secunia.com/advisories/40341 •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2009-4357
https://notcve.org/view.php?id=CVE-2009-4357
18 Dec 2009 — CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. La interfaz web (también conocida como CQWeb) de IBM Rational ClearQuest antes de v7.1.1 no gestiona adecuadamente el uso de URLs antiguas de conexión automática, lo que podría permitir descubrir las contraseñas de cuentas de usuario los atacantes remotos mediante vectores no esp... • http://secunia.com/advisories/37811 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •