CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2922
https://notcve.org/view.php?id=CVE-2016-2922
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. IBM Rational ClearQuest desde la versión 8.0 hasta la 8.0.1.9 y desde la 9.0 hasta la 9.0.1.3 (CQ OSLC linkages, EmailRelay) fracasa a la hora de comprobar el certificado SSL contra el nombre de host solicitado. Está sujeto a un ataque Man-in-the-Middle (MitM) con un servidor de suplantación que observa todos los datos transmitidos al servidor real. • https://exchange.xforce.ibmcloud.com/vulnerabilities/113353 https://www.ibm.com/support/docview.wss?uid=ibm10718377 • CWE-295: Improper Certificate Validation •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0950
https://notcve.org/view.php?id=CVE-2014-0950
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. Múltiples vulnerabilidades de XEE (XML External Entity) en (1) CQWeb / CM Server, (2) el cliente ClearQuest Native, (3) el cliente ClearQuest Eclipse y (4) los componentes ClearQuest Eclipse Designer en IBM Rational ClearCase 7.1.1 hasta 7.1.1.9, 7.1.2 hasta 7.1.2.13, 8.0 hasta 8.0.0.10 y 8.0.1 hasta 8.0.1.3 permiten que atacantes remotos provoquen una denegación de servicio (DoS) o accedan a otros servidores mediante datos XML manipulados. IBM X-Force ID: 92623. • http://www-01.ibm.com/support/docview.wss?uid=swg21675164 https://exchange.xforce.ibmcloud.com/vulnerabilities/92623 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.1EPSS: 0%CPEs: 52EXPL: 0CVE-2015-4996
https://notcve.org/view.php?id=CVE-2015-4996
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. IBM Rational ClearQuest 7.1.x y 8.0.0.x en versiones anteriores a 8.0.0.17 y 8.0.1.x en versiones anteriores a 8.0.1.10 permite a usuarios locales suplantar servidores de base de datos y descubrir credenciales a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972331 http://www.securitytracker.com/id/1034558 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2014-8925
https://notcve.org/view.php?id=CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. Vulnerabilidad de CSRF en ClearQuest Web en IBM Rational ClearQuest 7.1.x anterior a 7.1.2.17, 8.0.0.x anterior a 8.0.0.14, y 8.0.1.x anterior a 8.0.1.7 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan un cierre de sesión o insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21699148 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2013-3041
https://notcve.org/view.php?id=CVE-2013-3041
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack." El Cliente Web en IBM Rational ClearQuest 7.1 anteriores a 7.1.2.12, 8.0 anteriores a 8.0.0.8, y 8.01 anteriores a 8.0.1.1 permite a atacantes remotos obtener información sensible del flujo de datos cliente-servidor a través de vectores no especificados asociados con un "ataque de secuestro JSON". • http://www-01.ibm.com/support/docview.wss?uid=swg21648086 https://exchange.xforce.ibmcloud.com/vulnerabilities/84724 •