Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4996 |
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. Published: January 02, 2016; 12:59:02 AM -0500 |
V3.0: 5.1 MEDIUM V2.0: 3.6 LOW |
CVE-2014-8925 |
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. Published: March 24, 2015; 9:59:12 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-3041 |
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack." Published: September 30, 2013; 8:55:12 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1205 |
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. Published: March 29, 2011; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2010-2517 |
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. Published: June 30, 2010; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-4592 |
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. Published: March 19, 2008; 8:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |