Vulnerabilities > IBM > Rational Clearquest > 7.1.1

DATE CVE VULNERABILITY TITLE RISK
2018-04-20 CVE-2014-0950 XXE vulnerability in IBM Rational Clearquest
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data.
network
low complexity
ibm CWE-611
5.5
5.5
2016-01-02 CVE-2015-4996 Information Exposure vulnerability in IBM Rational Clearquest
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
local
low complexity
ibm CWE-200
3.6
3.6
2015-03-25 CVE-2014-8925 Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Clearquest
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
network
ibm CWE-352
6.8
6.8
2013-10-01 CVE-2013-3041 Information Disclosure vulnerability in IBM Rational ClearQuest
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."
network
ibm
4.3
4.3
2012-04-22 CVE-2012-0708 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Rational Clearquest
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
network
ibm CWE-119
critical
 9.3
9.3
2010-06-30 CVE-2010-2517 Security vulnerability in IBM Rational ClearQuest
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
network
low complexity
ibm
7.5
7.5
2008-03-20 CVE-2007-4592 Cross-Site Scripting vulnerability in IBM Rational Clearquest
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
network
ibm CWE-79
4.3
4.3