Ibm

Rational Clearquest

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2010-4603

  • EPSS 0.67%
  • Veröffentlicht 29.12.2010 18:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and pos...

10

CVE-2010-4601

  • EPSS 0.49%
  • Veröffentlicht 29.12.2010 18:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.

5

CVE-2010-4600

  • EPSS 0.23%
  • Veröffentlicht 29.12.2010 18:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

7.5

CVE-2010-2517

  • EPSS 0.36%
  • Veröffentlicht 30.06.2010 18:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.

5

CVE-2009-4357

  • EPSS 0.34%
  • Veröffentlicht 18.12.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

5

CVE-2009-2212

  • EPSS 0.27%
  • Veröffentlicht 25.06.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.

4.3

CVE-2009-2211

  • EPSS 0.29%
  • Veröffentlicht 25.06.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2008-5327

  • EPSS 0.39%
  • Veröffentlicht 05.12.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information ...

4.3

CVE-2008-5324

  • EPSS 0.2%
  • Veröffentlicht 05.12.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2008-5325

  • EPSS 0.32%
  • Veröffentlicht 05.12.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.