Vulnerabilities > IBM > Rational Clearquest > High

DATE CVE VULNERABILITY TITLE RISK
2012-05-14 CVE-2011-1390 SQL Injection vulnerability in IBM Rational Clearquest
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
network
low complexity
ibm CWE-89
7.5
7.5
2010-06-30 CVE-2010-2517 Security vulnerability in IBM Rational ClearQuest
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
network
low complexity
ibm
7.5
7.5
2008-12-05 CVE-2008-5329 Denial-Of-Service vulnerability in Rational ClearQuest
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.
network
low complexity
ibm
7.5
7.5
2007-08-15 CVE-2007-4368 SQL Injection vulnerability in IBM Rational Clearquest 7.0.0.0/7.0.0.1
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
network
low complexity
ibm CWE-89
7.5
7.5