IBM Rational ClearQuest 7.1.x < 7.1.2.10 / 8.0.0.x < 8.0.0.6 Web Client Unspecified XSS (credentialed check)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by a
cross-site scripting vulnerability.

Description :

The remote host has a version of IBM Rational ClearQuest 7.1.x prior
to 7.1.2.10 / 8.0.0.x prior to 8.0.0.6 installed. It is, therefore,
potentially affected by an unspecified cross-site scripting
vulnerability related to the 'Web client' component.

Note that only hosts with the server component 'Web client' deployed
are affected. Hosts with only the 'Desktop' components deployed are
not affected.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21619993
http://www.nessus.org/u?2a37c0fd

Solution :

Upgrade to IBM Rational ClearQuest 7.1.2.10 / 8.0.0.6 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66172 ()

Bugtraq ID: 58631

CVE ID: CVE-2012-5757

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now