
CVSS: 3.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670 http://www.ibm.com/support/docview.wss?uid=swg21605838 https://exchange.xforce.ibmcloud.com/vulnerabilities/77094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740 http://www.ibm.com/support/docview.wss?uid=swg21606385 https://exchange.xforce.ibmcloud.com/vulnerabilities/75040 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735 http://www.ibm.com/support/docview.wss?uid=swg21606318 https://exchange.xforce.ibmcloud.com/vulnerabilities/75039 • CWE-264: Permissions, Privileges, and Access Controls •
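The class of bug above (an authenticated user flips a client-controlled parameter and reaches an administrative action) comes down to where the server reads the caller's role from. The following is an added example, not ClearQuest code and not a description of the actual parameter involved: the `admin` flag, the session store, the `site_admin` role and the settings dictionary are all constructed stand-ins. It contrasts a handler that trusts a request parameter with one that derives the role from the server-side session.

```python
"""Parameter tampering: trusting a client flag vs. a server-side role check.

Added example; the parameter name "admin", the session records and the
"site_admin" role are hypothetical and not taken from ClearQuest.
"""
from dataclasses import dataclass, field

# Constructed server-side session store: session id -> authenticated user record.
# The client only ever holds the opaque session id, never the role.
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "site_admin"},
    "sess-bob": {"user": "bob", "role": "user"},
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: a session cookie plus query params."""
    session_id: str
    params: dict = field(default_factory=dict)


def update_setting_vulnerable(req: Request, settings: dict, key: str, value):
    """Trusts a client-controlled flag: sending admin=1 is enough to pass."""
    if req.session_id not in SESSIONS:
        return "unauthenticated"
    if req.params.get("admin") != "1":          # the tamperable check
        return "forbidden"
    settings[key] = value
    return "updated"


def update_setting_fixed(req: Request, settings: dict, key: str, value):
    """Derives the role from the server-side session; request params are ignored."""
    user = SESSIONS.get(req.session_id)
    if user is None:
        return "unauthenticated"
    if user["role"] != "site_admin":            # authorization decided server-side
        return "forbidden"
    settings[key] = value
    return "updated"


if __name__ == "__main__":
    tampered = Request("sess-bob", {"admin": "1"})   # ordinary user, tampered param
    print(update_setting_vulnerable(tampered, {}, "session_timeout", 999))
    print(update_setting_fixed(tampered, {}, "session_timeout", 999))
```

The fix is not a different parameter name or a hidden form field; it is that the authorization decision never consults anything the client can edit.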

CVSS: 7.5 | EPSS: 0% | CPEs: 16 | EXPL: 0

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. • http://osvdb.org/81815 http://secunia.com/advisories/49093 http://www-01.ibm.com/support/docview.wss?uid=swg21594717 http://www.securityfocus.com/bid/53483 http://www.securitytracker.com/id?1027060 https://exchange.xforce.ibmcloud.com/vulnerabilities/71802 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
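Upgrade and maintenance tools are a common home for this bug because they assemble statements from names (databases, tables, schema revisions) that cannot be bound as ordinary parameters. The following is an added example, not IBM's Maintenance tool and not the actual flaw: the `users` table, the `schema_rev` column and the upgrade step are constructed. It shows a concatenated upgrade statement, the payload that widens its `WHERE` clause, and the hardened version that binds data values and allow-lists identifiers.

```python
"""SQL injection in a 'user-database upgrade' step, vulnerable and hardened.

Added example; the schema, the upgrade step and the payload are constructed
and do not describe ClearQuest's Maintenance tool.
"""
import re
import sqlite3

# Identifiers (table/column names) cannot be bound with '?', so they are
# allow-listed and then quoted instead.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def quote_ident(name: str) -> str:
    """Reject anything that is not a plain identifier, then double-quote it."""
    if not IDENT_RE.match(name):
        raise ValueError(f"invalid identifier: {name!r}")
    return '"' + name + '"'


def fresh_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for a user database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (name TEXT, schema_rev INTEGER);"
        "INSERT INTO users VALUES ('admin', 1), ('alice', 1);"
    )
    return conn


def rows(conn):
    return conn.execute("SELECT name, schema_rev FROM users ORDER BY name").fetchall()


def upgrade_vulnerable(conn, db_name: str, new_rev: str):
    """Builds the UPDATE by concatenation: both inputs land inside the SQL text."""
    sql = ("UPDATE users SET schema_rev = " + new_rev
           + " WHERE name = '" + db_name + "'")
    conn.execute(sql)
    return rows(conn)


def upgrade_fixed(conn, table: str, db_name: str, new_rev: int):
    """Identifier through the allow-list, data through bind parameters."""
    sql = f"UPDATE {quote_ident(table)} SET schema_rev = ? WHERE name = ?"
    conn.execute(sql, (int(new_rev), db_name))
    return rows(conn)


if __name__ == "__main__":
    payload = "x' OR '1'='1"        # turns the WHERE clause into a tautology
    print(upgrade_vulnerable(fresh_db(), payload, "2"))   # every row moves to rev 2
    print(upgrade_fixed(fresh_db(), "users", payload, 2))  # no row named that, nothing changes
```

The same payload is a literal string in the fixed version, so it matches no row; a table name carrying a second statement is rejected by `quote_ident` before any SQL is built.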

CVSS: 9.3 | EPSS: 96% | CPEs: 14 | EXPL: 1

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument being pushed onto the stack, thereby misaligning the stack offset. • https://www.exploit-db.com/exploits/19576 http://osvdb.org/81443 http://secunia.com/advisories/48933 http://www.ibm.com/support/docview.wss?uid=swg21591705 http://www.securityfocus.com/bid/53170 http://www.securitytracker.com/id?1026958 https://exchange.xforce.ibmcloud.com/vulnerabilities/73492 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •