Vulnerabilities > CVE-2013-3041 - Information Disclosure vulnerability in IBM Rational ClearQuest

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

ibm

nessus

NVD

Published: 2013-10-01

Updated: 2017-08-29

Summary

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Rational Clearquest 7.1 IBM Rational Clearquest 7.1.0.1 IBM Rational Clearquest 7.1.0.2 IBM Rational Clearquest 7.1.1 IBM Rational Clearquest 7.1.1.1 IBM Rational Clearquest 7.1.1.2 IBM Rational Clearquest 7.1.1.3 IBM Rational Clearquest 7.1.1.4 IBM Rational Clearquest 7.1.1.5 IBM Rational Clearquest 7.1.1.6 IBM Rational Clearquest 7.1.1.7 IBM Rational Clearquest 7.1.1.8 IBM Rational Clearquest 7.1.1.9 IBM Rational Clearquest 7.1.2 IBM Rational Clearquest 7.1.2.1 IBM Rational Clearquest 7.1.2.2 IBM Rational Clearquest 7.1.2.3 IBM Rational Clearquest 7.1.2.4 IBM Rational Clearquest 7.1.2.5 IBM Rational Clearquest 7.1.2.6 IBM Rational Clearquest 7.1.2.7 IBM Rational Clearquest 7.1.2.8 IBM Rational Clearquest 7.1.2.9 IBM Rational Clearquest 7.1.2.10 IBM Rational Clearquest 7.1.2.11 IBM Rational Clearquest 8.0 IBM Rational Clearquest 8.0.0.1 IBM Rational Clearquest 8.0.0.2 IBM Rational Clearquest 8.0.0.3 IBM Rational Clearquest 8.0.0.4 IBM Rational Clearquest 8.0.0.5 IBM Rational Clearquest 8.0.0.6 IBM Rational Clearquest 8.0.0.7 IBM Rational Clearquest 8.0.1	34

Nessus

NASL family	Windows
NASL id	IBM_RATIONAL_CLEARQUEST_8_0_1_1.NASL
description	The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.12 / 8.0.0.x prior to 8.0.0.8 / 8.0.1.x prior to 8.0.1.1 installed. It is, therefore, potentially affected by multiple vulnerabilities : - An unspecified cross-site request forgery (CSRF) vulnerability exists. (CVE-2013-0598) - An unspecified vulnerability allows for an attacker to perform JSON hijacking attacks. (CVE-2013-3041) Note that these vulnerabilities only affect the Web Client component.
last seen	2020-06-01
modified	2020-06-02
plugin id	81780
published	2015-03-12
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/81780
title	IBM Rational ClearQuest 7.1.x < 7.1.2.12 / 8.0.0.x < 8.0.0.8 / 8.0.1.x < 8.0.1.1 Multiple Vulnerabilities (credentialed check)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(81780); script_version("1.3"); script_cvs_date("Date: 2018/07/12 19:01:17"); script_cve_id("CVE-2013-0598", "CVE-2013-3041"); script_bugtraq_id(62654, 62656); script_name(english:"IBM Rational ClearQuest 7.1.x < 7.1.2.12 / 8.0.0.x < 8.0.0.8 / 8.0.1.x < 8.0.1.1 Multiple Vulnerabilities (credentialed check)"); script_summary(english:"Checks the version of IBM Rational ClearQuest."); script_set_attribute(attribute:"synopsis", value: "The remote host has software installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.12 / 8.0.0.x prior to 8.0.0.8 / 8.0.1.x prior to 8.0.1.1 installed. It is, therefore, potentially affected by multiple vulnerabilities : - An unspecified cross-site request forgery (CSRF) vulnerability exists. (CVE-2013-0598) - An unspecified vulnerability allows for an attacker to perform JSON hijacking attacks. (CVE-2013-3041) Note that these vulnerabilities only affect the Web Client component."); # CVE-2013-0598 script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21648665"); # CVE-2013-3041 script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21648086"); script_set_attribute(attribute:"solution", value: "Upgrade to IBM Rational ClearQuest 7.1.2.12/ 8.0.0.8 / 8.0.1.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/12"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_clearquest"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies('ibm_rational_clearquest_installed.nasl'); script_require_keys('installed_sw/IBM Rational ClearQuest', "Settings/ParanoidReport"); exit(0); } include('ibm_rational_clearquest_version.inc'); rational_clearquest_check_version( fixes:make_nested_list( make_array("Min", "7.1.0.0", "Fix UI", "7.1.2.12", "Fix", "7.1212.0.162"), make_array("Min", "8.0.0.0", "Fix UI", "8.0.0.8", "Fix", "8.8.0.706"), make_array("Min", "8.0.1.0", "Fix UI", "8.0.1.1", "Fix", "8.101.0.407")), components:make_list("Web Client"), severity:SECURITY_WARNING, xsrf:TRUE );

Summary

Vulnerable Configurations

Nessus

References