This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

The remote Windows host has an application installed that is affected by multiple vulnerabilities.

The remote host is running a version of IBM Rational ClearQuest 7.1.1.x prior to 22.214.171.124 / 7.1.2.x prior to 126.96.36.199 / 8.0.0.x prior to 188.8.131.52 installed. It is, therefore, affected by the following

- A SQL injection vulnerability exists in the ClearQuest Maintenance tool when upgrading the user database. Note that the Maintenance tool must be able to directly connect to ClearQuest repositories to be exploitable.

- A heap-based buffer overflow vulnerability exists in the 'RegisterSchemaRepoFromFileByDbSet' function of the CQOle ActiveX control (cqole.dll) due to improper parsing of parameters. Exploitation of this issue can result in arbitrary code execution. (CVE-2012-0708)

See also :

Upgrade to IBM Rational ClearQuest 184.108.40.206 / 220.127.116.11 / 18.104.22.168 or

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true