Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2922 | 1 Ibm | 1 Rational Clearquest | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. | |||||
| CVE-2008-5325 | 1 Ibm | 1 Rational Clearquest | 2018-11-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1468 | 1 Ibm | 1 Rational Clearquest | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry. | |||||
| CVE-2007-4592 | 1 Ibm | 1 Rational Clearquest | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. | |||||
| CVE-2007-4368 | 1 Ibm | 1 Rational Clearquest | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | |||||
| CVE-2014-0950 | 1 Ibm | 1 Rational Clearquest | 2018-05-24 | 5.5 MEDIUM | 7.1 HIGH |
| Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. | |||||
| CVE-2012-0708 | 1 Ibm | 1 Rational Clearquest | 2017-12-18 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. | |||||
| CVE-2013-0598 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2013-3041 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 4.3 MEDIUM | N/A |
| The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack." | |||||
| CVE-2012-5757 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2012-4839 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 4.3 MEDIUM | N/A |
| The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. | |||||
| CVE-2012-5765 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | |||||
| CVE-2012-2165 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 3.5 LOW | N/A |
| IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. | |||||
| CVE-2012-2168 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 4.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. | |||||
| CVE-2012-2169 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. | |||||
| CVE-2012-2164 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 5.5 MEDIUM | N/A |
| The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack. | |||||
| CVE-2012-0744 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. | |||||
| CVE-2012-2205 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. | |||||
| CVE-2011-1205 | 1 Ibm | 3 Rational Clearcase, Rational Clearquest, Rational Common Licensing | 2017-08-16 | 6.9 MEDIUM | N/A |
| Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. | |||||
| CVE-2011-1390 | 1 Ibm | 1 Rational Clearquest | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | |||||