CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0950
https://notcve.org/view.php?id=CVE-2014-0950
20 Apr 2018 — Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. Múltiples vulnerabilidades de XEE (XML External Entity) en (1) CQWeb / CM Server, ... • http://www-01.ibm.com/support/docview.wss?uid=swg21675164 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.1EPSS: 0%CPEs: 52EXPL: 0CVE-2015-4996
https://notcve.org/view.php?id=CVE-2015-4996
02 Jan 2016 — IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972331 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2014-8925
https://notcve.org/view.php?id=CVE-2014-8925
25 Mar 2015 — Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticación de ... • http://www-01.ibm.com/support/docview.wss?uid=swg21699148 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2013-3041
https://notcve.org/view.php?id=CVE-2013-3041
01 Oct 2013 — The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack." El Cliente Web en IBM Rational ClearQuest 7.1 anteriores a 7.1.2.12, 8.0 anteriores a 8.0.0.8, y 8.01 anteriores a 8.0.1.1 permite a atacantes remotos obtener información sensible del flujo de datos cliente-servidor a través de vectores no especi... • http://www-01.ibm.com/support/docview.wss?uid=swg21648086 •
CVSS: 9.3EPSS: 66%CPEs: 14EXPL: 1CVE-2012-0708 – IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0708
22 Apr 2012 — Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. Desbordamiento de búfer en memoria dinámica en el API Ole en el control ActiveX CQOleen cqole.dll en IBM Rational ClearQuest v7.1.1 antes de v7.1.1.9, v7.1.2 antes de v7.1.2.6, y ... • https://www.exploit-db.com/exploits/19576 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2011-1205
https://notcve.org/view.php?id=CVE-2011-1205
29 Mar 2011 — Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. Múltiples desbordamientos de búfer en objetos COM no especificados de Rational Common Licensing v7.0 hasta v7.1.1.4 en IBM Rational ClearCase v7.0.0.4 hasta v7.1.1.4, ClearQuest v7.0.0.4 hasta v7.1.1.4 y otros... • http://www.ibm.com/support/docview.wss?uid=swg21470998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2010-4601
https://notcve.org/view.php?id=CVE-2010-4601
29 Dec 2010 — Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files. Múltiples vulnerabilidades sin especificar en IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.4 y v7.1.2.x anterior a v7.1.2.1, permite a atacantes tener un impacto no especificado a través de vectores sin especificar relacionados con archivos .ocx de terceros. • http://secunia.com/advisories/42624 •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2010-4603
https://notcve.org/view.php?id=CVE-2010-4603
29 Dec 2010 — IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. IBM Rational ClearQuest 7.0.x anteriores a v7.0.1.11, v7.1.1.x anteriores a v7.1.1.4, y v7.1.2.x anteriores a v7.1.2.1 no previene la modific... • ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2010-2517
https://notcve.org/view.php?id=CVE-2010-2517
30 Jun 2010 — Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. Múltiples vulnerabilidades no específicas en IBM Rational ClearQuest anterior al v7.1.1.02 tienen un impacto desconocido y vectores de ataque como lo demuestra un informe de AppScan • http://secunia.com/advisories/40341 •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2009-4357
https://notcve.org/view.php?id=CVE-2009-4357
18 Dec 2009 — CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. La interfaz web (también conocida como CQWeb) de IBM Rational ClearQuest antes de v7.1.1 no gestiona adecuadamente el uso de URLs antiguas de conexión automática, lo que podría permitir descubrir las contraseñas de cuentas de usuario los atacantes remotos mediante vectores no esp... • http://secunia.com/advisories/37811 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •