IBM Rational ClearQuest 7.1.1.x < 7.1.1.9 / 7.1.2.x < 7.1.2.6 / 8.0.0.x < 8.0.0.2 Multiple Vulnerabilities (credentialed check)
Severity: High
Nessus Plugin ID: 59293
Synopsis
The remote Windows host has an application installed that is affected by multiple vulnerabilities.
Description
The remote host has a version of IBM Rational ClearQuest installed that is 7.1.1.x prior to 7.1.1.9, 7.1.2.x prior to 7.1.2.6, or 8.0.0.x prior to 8.0.0.2. It is, therefore, affected by the following vulnerabilities :
- A SQL injection vulnerability exists in the ClearQuest Maintenance tool when upgrading the user database. Note that the issue is only exploitable when the Maintenance tool can connect directly to ClearQuest repositories.
- A heap-based buffer overflow vulnerability exists in the 'RegisterSchemaRepoFromFileByDbSet' function of the CQOle ActiveX control (cqole.dll) due to improper parsing of parameters. Exploitation of this issue can result in arbitrary code execution. (CVE-2012-0708)
Solution
Upgrade to IBM Rational ClearQuest 7.1.1.9 / 7.1.2.6 / 8.0.0.2 or later, as appropriate for the installed branch.
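The check described by this plugin is a branch-scoped version comparison: a host is affected only if its installed version falls in one of the three listed branches and is below that branch's fixed version. The following is an added example, not Nessus plugin code, of how that comparison can be implemented against the fixed versions in the Solution above. The registry-style sample entries are constructed for illustration, and the assumption that ClearQuest exposes DisplayName/DisplayVersion values under the Uninstall key is an assumption of this example, not something the advisory states.

```python
"""Branch-scoped version check for the ClearQuest fix levels listed above."""
from typing import Dict, List, Optional, Tuple

# Fixed version per affected branch, taken from the advisory. A branch is
# identified by its first three components; any other branch (e.g. 7.0.x
# or 8.0.1.x) is outside the scope of this advisory and is reported as
# "not affected" by this check rather than guessed at.
FIXED_VERSIONS: Dict[Tuple[int, int, int], Tuple[int, ...]] = {
    (7, 1, 1): (7, 1, 1, 9),
    (7, 1, 2): (7, 1, 2, 6),
    (8, 0, 0): (8, 0, 0, 2),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted version string into a tuple of ints, padded to 4 parts.

    Padding makes "7.1.1" compare as 7.1.1.0; tuples longer than four parts
    (e.g. a later fix pack "7.1.2.6.1") compare naturally above the base level.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    version = tuple(int(p) for p in parts)
    if len(version) < 4:
        version = version + (0,) * (4 - len(version))
    return version


def check_version(text: str) -> Optional[str]:
    """Return the fixed version string if `text` is vulnerable, else None."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[:3])
    if fixed is None:
        return None  # branch not covered by this advisory
    if version < fixed:
        return ".".join(str(p) for p in fixed)
    return None


def scan_uninstall_entries(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Apply check_version to ClearQuest products found in uninstall-key data.

    `entries` mimics the DisplayName/DisplayVersion values a credentialed
    scan would read from the Windows Uninstall registry key (assumption of
    this example). Returns (name, installed, fixed) for each vulnerable entry.
    """
    findings = []
    for entry in entries:
        name = entry.get("DisplayName", "")
        installed = entry.get("DisplayVersion", "")
        if "ClearQuest" not in name or not installed:
            continue
        fixed = check_version(installed)
        if fixed is not None:
            findings.append((name, installed, fixed))
    return findings


# Constructed sample data: what a credentialed scan might collect from the
# Uninstall key on three different hosts (not real scan output).
SAMPLE_ENTRIES = [
    {"DisplayName": "IBM Rational ClearQuest", "DisplayVersion": "7.1.2.5"},
    {"DisplayName": "IBM Rational ClearQuest", "DisplayVersion": "8.0.0.2"},
    {"DisplayName": "IBM Rational ClearCase", "DisplayVersion": "7.1.1.3"},
]

if __name__ == "__main__":
    for name, installed, fixed in scan_uninstall_entries(SAMPLE_ENTRIES):
        print(f"VULNERABLE: {name} {installed} (upgrade to {fixed} or later)")
```

Comparing within the branch rather than against the highest fixed version matters here: a 7.1.2.6 install is patched even though it is numerically lower than 8.0.0.2, and naively comparing against a single "latest" version would produce a false positive.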