Page 3 of 41 results (0.003 seconds)

CVSS: 5.0EPSS: 84%CPEs: 19EXPL: 1

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. IBM Rational ClearQuest v7.1.x a v7.1.2.7 y v8.x a v8.0.0.3 permite a atacantes remotos obtener información potencialmente sensible a través de una solicitud a los scripts de ejemplo (1) snoop, (2) hello , (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp , o (12) cqweb/j_security_check. • https://www.exploit-db.com/exploits/37643 http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896 http://www.ibm.com/support/docview.wss?uid=swg21599361 http://www.ibm.com/support/docview.wss?uid=swg21606317 https://exchange.xforce.ibmcloud.com/vulnerabilities/74671 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3 permite a los usuarios remotos autenticados obtener información sensible de la traza de pila a partir de los mensajes de error del servidor CM a través de un parámetro no válido. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822 http://www.ibm.com/support/docview.wss?uid=swg21606319 https://exchange.xforce.ibmcloud.com/vulnerabilities/75048 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3 permite inyectar secuencias de comandos web o HTML a los usuarios remotos autenticados a través de una consulta de espacio de trabajo. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670 http://www.ibm.com/support/docview.wss?uid=swg21605838 https://exchange.xforce.ibmcloud.com/vulnerabilities/77094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 15EXPL: 0

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en las funciones de subir archivos (file-upload) en el cliente Web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del campo de descripción del archivo (File Description). • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762 http://www.ibm.com/support/docview.wss?uid=swg21607783 https://exchange.xforce.ibmcloud.com/vulnerabilities/75049 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y v8.x antes de v8.0.0.3, cuando la autenticación ClearQuest está activada, permite leer los hashes de contraseñas a usuarios remotos autenticados a través de una consulta de usuario. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740 http://www.ibm.com/support/docview.wss?uid=swg21606385 https://exchange.xforce.ibmcloud.com/vulnerabilities/75040 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •