Vulnerabilities > IBM > Rational Clearquest

DATE CVE VULNERABILITY TITLE RISK
2018-08-13 CVE-2016-2922 Improper Certificate Validation vulnerability in IBM Rational Clearquest
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname.
network
ibm CWE-295
4.3
2018-04-20 CVE-2014-0950 XXE vulnerability in IBM Rational Clearquest
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data.
network
low complexity
ibm CWE-611
5.5
2016-01-02 CVE-2015-4996 Information Exposure vulnerability in IBM Rational Clearquest
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
local
low complexity
ibm CWE-200
3.6
2015-03-25 CVE-2014-8925 Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Clearquest
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
network
ibm CWE-352
6.8
2013-10-01 CVE-2013-3041 Information Disclosure vulnerability in IBM Rational ClearQuest
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
network
ibm
4.3
2013-09-28 CVE-2013-0598 Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Clearquest
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
network
ibm CWE-352
6.8
2013-03-21 CVE-2012-5757 Cross-Site Scripting vulnerability in IBM Rational Clearquest
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2012-12-20 CVE-2012-5765 Information Exposure vulnerability in IBM Rational Clearquest
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
network
low complexity
ibm CWE-200
5.0
2012-12-20 CVE-2012-4839 Unspecified vulnerability in IBM Rational Clearquest
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
network
ibm
4.3
2012-08-17 CVE-2012-2205 Cross-Site Scripting vulnerability in IBM Rational Clearquest
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
network
ibm CWE-79
3.5