IBM Rational ClearQuest 7.1.1.x < / 7.1.2.x < Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description :

The remote host is running a version of IBM Rational ClearQuest
7.1.1.x prior to / 7.1.2.x prior to installed. It is,
therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability exists in the
Dojo Toolkit that allows a remote attacker to read
cookies. (CVE-2010-4600)

- Multiple unspecified vulnerabilities exist.

- A security bypass vulnerability exists that allows a
restricted user to view arbitrary records by modifying
the record number in the URL for a RECORD action in the
browser bookmark. (CVE-2010-4602)

- A vulnerability exists due to improper processing of
back reference fields that allows an authenticated
attacker to cause a denial of service or other
unspecified impacts. (CVE-2010-4603)

Solution :

Upgrade to IBM Rational ClearQuest / or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 81779

Bugtraq ID: 45646

CVE ID: CVE-2010-4600
