CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2922
https://notcve.org/view.php?id=CVE-2016-2922
13 Aug 2018 — IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. IBM Rational ClearQuest desde la versión 8.0 hasta la 8.0.1.9 y desde la 9.0 hasta la 9.0.1.3 (CQ OSLC linkages, EmailRelay) fracasa a la hora de comprobar el certificado SSL contra el nombre de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 • CWE-295: Improper Certificate Validation •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0950
https://notcve.org/view.php?id=CVE-2014-0950
20 Apr 2018 — Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. Múltiples vulnerabilidades de XEE (XML External Entity) en (1) CQWeb / CM Server, ... • http://www-01.ibm.com/support/docview.wss?uid=swg21675164 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.1EPSS: 0%CPEs: 52EXPL: 0CVE-2015-4996
https://notcve.org/view.php?id=CVE-2015-4996
02 Jan 2016 — IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972331 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2014-8925
https://notcve.org/view.php?id=CVE-2014-8925
25 Mar 2015 — Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticación de ... • http://www-01.ibm.com/support/docview.wss?uid=swg21699148 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2013-3041
https://notcve.org/view.php?id=CVE-2013-3041
01 Oct 2013 — The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack." El Cliente Web en IBM Rational ClearQuest 7.1 anteriores a 7.1.2.12, 8.0 anteriores a 8.0.0.8, y 8.01 anteriores a 8.0.1.1 permite a atacantes remotos obtener información sensible del flujo de datos cliente-servidor a través de vectores no especi... • http://www-01.ibm.com/support/docview.wss?uid=swg21648086 •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2013-0598
https://notcve.org/view.php?id=CVE-2013-0598
28 Sep 2013 — Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad CSRF en el cliente Web en IBM Rational ClearQuest v7.1 anterior a v7.1.2.12, v8.0 anterior a v8.0.0.8 y v8.0.1 anterior a v8.0.1.1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2012-5757
https://notcve.org/view.php?id=CVE-2012-5757
21 Mar 2013 — Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ejecución de secuiencias de comandos en sitios cruzados (XSS) en el cliente web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.10 y v8.x antes de v8.0.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL maliciosa. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5765
https://notcve.org/view.php?id=CVE-2012-5765
20 Dec 2012 — The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. El Cliente Web (también conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.5 antes de v8.0.0.x permite a atacantes remotos obtener información sensible a través de vectores no especificados que desencadenan un mensaje de error de SQL. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72905 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2012-4839
https://notcve.org/view.php?id=CVE-2012-4839
20 Dec 2012 — The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. La interfaz OSLC en el cliente Web (también conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.x antes de v8.0.0.5 permite a atacantes remotos para realizar ataques de phishing a través de un elemento FRAME. • http://www-01.ibm.com/support/docview.wss?uid=swg21620342 •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2164
https://notcve.org/view.php?id=CVE-2012-2164
17 Aug 2012 — The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack. El cliente Web de IBM Rational ClearQuest v7.1.x antes de v7.1.2.7 y 8.x antes de v8.0.0.3 permite pasar por alto las restricciones de acceso a los usuarios remotos autenticados, y usar el menú Administración de sitios para modificar la configuración del... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62735 • CWE-264: Permissions, Privileges, and Access Controls •