IBM

Rational Clearquest

42 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.14%
  • Published 17.07.2024 19:15:10
  • Last modified 21.11.2024 09:06:56

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

  • EPSS 0.2%
  • Published 13.08.2018 16:29:00
  • Last modified 21.11.2024 02:49:01

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing a...

  • EPSS 0.45%
  • Published 20.04.2018 21:29:00
  • Last modified 21.11.2024 02:03:05

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7...

  • EPSS 0.05%
  • Published 02.01.2016 05:59:02
  • Last modified 12.04.2025 10:46:40

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

  • EPSS 0.15%
  • Published 25.03.2015 01:59:12
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for reques...

  • EPSS 0.21%
  • Published 01.10.2013 00:55:12
  • Last modified 11.04.2025 00:51:21

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hij...

  • EPSS 0.12%
  • Published 28.09.2013 03:40:55
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.

  • EPSS 0.27%
  • Published 21.03.2013 20:55:00
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • EPSS 0.25%
  • Published 20.12.2012 12:02:19
  • Last modified 11.04.2025 00:51:21

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.

  • EPSS 0.23%
  • Published 20.12.2012 12:02:17
  • Last modified 11.04.2025 00:51:21

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.