IBM Rational ClearQuest 7.1.1.x < 7.1.1.4 / 7.1.2.x < 7.1.2.1 Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description :

The version of IBM Rational ClearQuest installed on the remote host is
7.1.1.x prior to 7.1.1.4 or 7.1.2.x prior to 7.1.2.1. It is,
therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability exists in the
Dojo Toolkit that allows a remote attacker to read
cookies. (CVE-2010-4600)

- Multiple unspecified vulnerabilities exist.
(CVE-2010-4601)

- A security bypass vulnerability exists that allows a
restricted user to view arbitrary records by modifying
the record number in the URL for a RECORD action in the
browser bookmark. (CVE-2010-4602)

- A vulnerability exists due to improper processing of
back reference fields that allows an authenticated
attacker to cause a denial of service or other
unspecified impacts. (CVE-2010-4603)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146
http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811
http://www-01.ibm.com/support/docview.wss?uid=swg1PM20172
http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186
http://www-01.ibm.com/support/docview.wss?uid=swg21470998

Solution :

Upgrade to IBM Rational ClearQuest 7.1.1.4 / 7.1.2.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 81779

Bugtraq ID: 45646
45648
47091

CVE ID: CVE-2010-4600
CVE-2010-4601
CVE-2010-4602
CVE-2010-4603
CVE-2011-1205
