
CVSS: 6.8 • EPSS: 0% • CPEs: 29 • EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185 http://www-01.ibm.com/support/docview.wss?uid=swg21648665 https://exchange.xforce.ibmcloud.com/vulnerabilities/83611 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 24 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153 http://www.ibm.com/support/docview.wss?uid=swg21619993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 35 • EXPL: 0

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. • http://secunia.com/advisories/40341 http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157 http://www.securityfocus.com/bid/41205 http://www.vupen.com/english/advisories/2010/1615

CVSS: 5.0 • EPSS: 0% • CPEs: 24 • EXPL: 0

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. • http://secunia.com/advisories/37811 http://securitytracker.com/id?1023370 http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 http://www.securityfocus.com/bid/37385 http://www.vupen.com/english/advisories/2009/3580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. IBM Rational ClearQuest Web suffers from multiple cross-site scripting vulnerabilities. • https://www.exploit-db.com/exploits/31438 http://secunia.com/advisories/29467 http://securityreason.com/securityalert/3753 http://www.securityfocus.com/archive/1/489861/100/0/threaded http://www.securityfocus.com/bid/28296 http://www.securitytracker.com/id?1019685 http://www.vupen.com/english/advisories/2008/0952/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')