CVSS: 9.3EPSS: 96%CPEs: 14EXPL: 1CVE-2012-0708 – IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0708
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. Desbordamiento de búfer en memoria dinámica en el API Ole en el control ActiveX CQOleen cqole.dll en IBM Rational ClearQuest v7.1.1 antes de v7.1.1.9, v7.1.2 antes de v7.1.2.6, y v8.0.0 antes de v8.0.0.2, permite a atacantes remotos ejecutar código de su elección a través de una página modificada que aprovecha un desajuste de la función-prototipo RegisterSchemaRepoFromFileByDbSet. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. • https://www.exploit-db.com/exploits/19576 http://osvdb.org/81443 http://secunia.com/advisories/48933 http://www.ibm.com/support/docview.wss?uid=swg21591705 http://www.securityfocus.com/bid/53170 http://www.securitytracker.com/id?1026958 https://exchange.xforce.ibmcloud.com/vulnerabilities/73492 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2010-4603
https://notcve.org/view.php?id=CVE-2010-4603
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. IBM Rational ClearQuest 7.0.x anteriores a v7.0.1.11, v7.1.1.x anteriores a v7.1.1.4, y v7.1.2.x anteriores a v7.1.2.1 no previene la modificación de campos referencia hacia atrás, lo que permite a usuarios remotos autenticados interferir con las relaciones de registros establecidas, y posiblemente causar una denegación de servicio (bucle) u otro tipo de impacto no especificado, a través de (1) la inclusión o (2) la eliminación de una referencia hacia atrás. • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186 http://www-01.ibm.com/support/docview.wss?uid=swg21125139 http://www.securityfocus.com/bid/45648 https://exchange.xforce.ibmcloud.com/vulnerabilities/64439 •
CVSS: 4.0EPSS: 1%CPEs: 4EXPL: 1CVE-2010-4602
https://notcve.org/view.php?id=CVE-2010-4602
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. El cliente web en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a usuarios autenticados remotamente evitar las limitaciones de usuario y leer registros de su elección, a través de un número de registro modificado en la URL de una acción RECORD, como se ha demostrado modificando bookmark. • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172 http://www.securityfocus.com/bid/45646 https://exchange.xforce.ibmcloud.com/vulnerabilities/64440 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2010-4600
https://notcve.org/view.php?id=CVE-2010-4600
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue. Dojo Toolkit, como el usado en en el cliente Web de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anteriores a v7.1.2.1, permite a atacantes remotos leer las cookies navegando hasta el archivo Dojo, relacionado con el problema "Open direct" • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme http://secunia.com/advisories/42624 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2010-4601
https://notcve.org/view.php?id=CVE-2010-4601
Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files. Múltiples vulnerabilidades sin especificar en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a atacantes tener un impacto no especificado a través de vectores sin especificar relacionados con archivos .ocx de terceros. • http://secunia.com/advisories/42624 http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811 •