CVE-2014-0950
https://notcve.org/view.php?id=CVE-2014-0950
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.
• http://www-01.ibm.com/support/docview.wss?uid=swg21675164 https://exchange.xforce.ibmcloud.com/vulnerabilities/92623
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2015-4996
https://notcve.org/view.php?id=CVE-2015-4996
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg21972331 http://www.securitytracker.com/id/1034558
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8925
https://notcve.org/view.php?id=CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
• http://www-01.ibm.com/support/docview.wss?uid=swg21699148
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3041
https://notcve.org/view.php?id=CVE-2013-3041
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
• http://www-01.ibm.com/support/docview.wss?uid=swg21648086 https://exchange.xforce.ibmcloud.com/vulnerabilities/84724
CVE-2012-0708 – IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0708
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument being pushed onto the stack, thereby misaligning the stack offset.
• https://www.exploit-db.com/exploits/19576 http://osvdb.org/81443 http://secunia.com/advisories/48933 http://www.ibm.com/support/docview.wss?uid=swg21591705 http://www.securityfocus.com/bid/53170 http://www.securitytracker.com/id?1026958 https://exchange.xforce.ibmcloud.com/vulnerabilities/73492
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer