U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 21 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2014-0950

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.

Published: April 20, 2018; 5:29:00 PM -0400
V3.0: 7.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2015-4996

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

Published: January 02, 2016; 12:59:02 AM -0500
V3.0: 5.1 MEDIUM
V2.0: 3.6 LOW
CVE-2014-8925

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

Published: March 24, 2015; 9:59:12 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3041

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."

Published: September 30, 2013; 8:55:12 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0598

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.

Published: September 27, 2013; 11:40:55 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5757

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: March 21, 2013; 4:55:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-2205

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.

Published: August 17, 2012; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-2169

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.

Published: August 17, 2012; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-2168

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.

Published: August 17, 2012; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-2165

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

Published: August 17, 2012; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

Published: August 17, 2012; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2012-0744

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.

Published: August 17, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1390

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

Published: May 14, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-0708

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

Published: April 22, 2012; 2:55:03 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1205

Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.

Published: March 29, 2011; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-4603

IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.

Published: December 29, 2010; 1:00:03 PM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2010-4602

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.

Published: December 29, 2010; 1:00:03 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-4601

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.

Published: December 29, 2010; 1:00:03 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-4600

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

Published: December 29, 2010; 1:00:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-2517

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.

Published: June 30, 2010; 2:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH