CVE-2009-4357

high

Description

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

References

http://www.vupen.com/english/advisories/2009/3580

http://www.securityfocus.com/bid/37385

http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377

http://securitytracker.com/id?1023370

http://secunia.com/advisories/37811

Details

Source: Mitre, NVD

Published: 2009-12-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00337