IBM Rational ClearQuest 7.x < / 8.0.0.x < Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote host has software installed that is affected by multiple

Description :

The remote host has a version of IBM Rational ClearQuest 7.x prior to / 8.0.0.x prior to installed. It is, therefore,
affected by the following vulnerabilities :

- A cross-site scripting vulnerability exists that can
be exploited by an attacker by tricking a victim into
opening a specially crafted report. (CVE-2012-2205)

- An information disclosure vulnerability exists that
allows an attacker unauthorized access to password
information. (CVE-2012-2165)

- ClearQuest Web sometimes displays sensitive stack trace
information in error messages. (CVE-2012-2168)

- The ClearQuest Web Help component contains a reflected
cross-site scripting vulnerability. (CVE-2012-2161)

- Some scripts inside the ClearQuest Web Help application
are vulnerable to open redirect attacks. (CVE-2012-2159)

- The ClearQuest web client is subject to an elevated
privilege attack that allows an attacker access to the
'Site Administration' menu. (CVE-2012-2164)

- The ClearQuest web client file-upload functionality is
affected by a cross-site scripting vulnerability that
can be exploited by an authenticated user via the 'File
Description' field. (CVE-2012-2169)

- Attackers can obtain potentially sensitive information
via a request to a 'snoop', 'hello', 'ivt/', 'hitcount',
'HitCount.jsp', 'HelloHTMLError.jsp', 'HelloHTML.jsp',
'HelloVXMLError.jsp', 'HelloWMLError.jsp',
'HelloWML.jsp' or 'cqweb/j_security_check' sample
script. (CVE-2012-0744)

See also :

Solution :

Upgrade to IBM Rational ClearQuest / or later.

Risk factor :

Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 5.0
Public Exploit Available : true
