IBM Rational ClearQuest Multiple Information Disclosure Vulnerabilities Network Vulnerability

Summary

This host is installed with IBM Rational ClearQuest and is prone to multiple information disclosure vulnerabilities.

Impact

Successful exploitation will allow remote attackers to obtain potentially sensitive information. Impact Level: Application

Solution

Apply the patch from below link, http://www-01.ibm.com/support/docview.wss?uid=swg21606317

Insight

The flaws are due to improper access controls on certain post-installation sample scripts. By sending a direct request, an attacker could obtain system paths, product versions, and other sensitive information.

Affected

IBM Rational ClearQuest 7.1.x to 7.1.2.7 and 8.x to 8.0.0.3

References

http://www-01.ibm.com/support/docview.wss?uid=swg21599361
http://www-01.ibm.com/support/docview.wss?uid=swg21606317
http://xforce.iss.net/xforce/xfdb/74671

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0744

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
AMSI 'file' Parameter Directory Traversal Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities