Page 2 of 13 results (0.003 seconds)

CVSS: 6.8EPSS: 0%CPEs: 29EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad CSRF en el cliente Web en IBM Rational ClearQuest v7.1 anterior a v7.1.2.12, v8.0 anterior a v8.0.0.8 y v8.0.1 anterior a v8.0.1.1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185 http://www-01.ibm.com/support/docview.wss?uid=swg21648665 https://exchange.xforce.ibmcloud.com/vulnerabilities/83611 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ejecución de secuiencias de comandos en sitios cruzados (XSS) en el cliente web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.10 y v8.x antes de v8.0.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL maliciosa. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153 http://www.ibm.com/support/docview.wss?uid=swg21619993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. El Cliente Web (también conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.5 antes de v8.0.0.x permite a atacantes remotos obtener información sensible a través de vectores no especificados que desencadenan un mensaje de error de SQL. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905 http://www-01.ibm.com/support/docview.wss?uid=swg21620048 https://exchange.xforce.ibmcloud.com/vulnerabilities/80211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. La interfaz OSLC en el cliente Web (también conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.x antes de v8.0.0.5 permite a atacantes remotos para realizar ataques de phishing a través de un elemento FRAME. • http://www-01.ibm.com/support/docview.wss?uid=swg21620342 http://www.securitytracker.com/id?1027889 https://exchange.xforce.ibmcloud.com/vulnerabilities/79068 •

CVSS: 5.0EPSS: 84%CPEs: 19EXPL: 1

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. IBM Rational ClearQuest v7.1.x a v7.1.2.7 y v8.x a v8.0.0.3 permite a atacantes remotos obtener información potencialmente sensible a través de una solicitud a los scripts de ejemplo (1) snoop, (2) hello , (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp , o (12) cqweb/j_security_check. • https://www.exploit-db.com/exploits/37643 http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896 http://www.ibm.com/support/docview.wss?uid=swg21599361 http://www.ibm.com/support/docview.wss?uid=swg21606317 https://exchange.xforce.ibmcloud.com/vulnerabilities/74671 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •