CVE-2024-28796
https://notcve.org/view.php?id=CVE-2024-28796
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833. IBM ClearQuest (CQ) 9.1 a 9.1.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 https://www.ibm.com/support/pages/node/7160390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2922
https://notcve.org/view.php?id=CVE-2016-2922
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. IBM Rational ClearQuest desde la versión 8.0 hasta la 8.0.1.9 y desde la 9.0 hasta la 9.0.1.3 (CQ OSLC linkages, EmailRelay) fracasa a la hora de comprobar el certificado SSL contra el nombre de host solicitado. Está sujeto a un ataque Man-in-the-Middle (MitM) con un servidor de suplantación que observa todos los datos transmitidos al servidor real. • https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 https://www.ibm.com/support/docview.wss?uid=ibm10718377 • CWE-295: Improper Certificate Validation •
CVE-2014-0950
https://notcve.org/view.php?id=CVE-2014-0950
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. Múltiples vulnerabilidades de XEE (XML External Entity) en (1) CQWeb / CM Server, (2) el cliente ClearQuest Native, (3) el cliente ClearQuest Eclipse y (4) los componentes ClearQuest Eclipse Designer en IBM Rational ClearCase 7.1.1 hasta 7.1.1.9, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegación de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92623. • http://www-01.ibm.com/support/docview.wss?uid=swg21675164 https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2015-4996
https://notcve.org/view.php?id=CVE-2015-4996
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972331 http://www.securitytracker.com/id/1034558 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8925
https://notcve.org/view.php?id=CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan un cierre de sesión o insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21699148 • CWE-352: Cross-Site Request Forgery (CSRF) •