CVE-2011-1390

critical

Description

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/71802

http://www.securitytracker.com/id?1027060

http://www.securityfocus.com/bid/53483

http://www-01.ibm.com/support/docview.wss?uid=swg21594717

http://secunia.com/advisories/49093

http://osvdb.org/81815

Details

Source: Mitre, NVD

Published: 2012-05-14

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical