IBM Rational ClearQuest 7.x < / 8.0.0.x < Multiple Vulnerabilities (credentialed check)

Medium Nessus Plugin ID 61565


The remote host has software installed that is affected by multiple vulnerabilities.


The remote host has a version of IBM Rational ClearQuest 7.x prior to / 8.0.0.x prior to installed. It is, therefore, affected by the following vulnerabilities:

- A cross-site scripting vulnerability exists that can be exploited by an attacker by tricking a victim into opening a specially crafted report. (CVE-2012-2205)

- An information disclosure vulnerability exists that allows an attacker unauthorized access to password information. (CVE-2012-2165)

- ClearQuest Web sometimes displays sensitive stack trace information in error messages. (CVE-2012-2168)

- The ClearQuest Web Help component contains a reflected cross-site scripting vulnerability. (CVE-2012-2161)

- Some scripts inside the ClearQuest Web Help application are vulnerable to open redirect attacks. (CVE-2012-2159)

- The ClearQuest web client is subject to an elevated privilege attack that allows an attacker access to the 'Site Administration' menu. (CVE-2012-2164)

- The ClearQuest web client file-upload functionality is affected by a cross-site scripting vulnerability that can be exploited by an authenticated user via the 'File Description' field. (CVE-2012-2169)

- Attackers can obtain potentially sensitive information via a request to a 'snoop', 'hello', 'ivt/', 'hitcount', 'HitCount.jsp', 'HelloHTMLError.jsp', 'HelloHTML.jsp', 'HelloVXMLError.jsp', 'HelloWMLError.jsp', 'HellowWML.jsp' or 'cqweb/j_security_check' sample script. (CVE-2012-0744)


Upgrade to IBM Rational ClearQuest / or later.

Plugin Details

Severity: Medium

ID: 61565

File Name: ibm_rational_clearquest_7_1_2_7.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2012/08/16

Modified: 2015/03/12

Dependencies: 61564

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:rational_clearquest

Required KB Items: installed_sw/IBM Rational ClearQuest

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/06/26

Vulnerability Publication Date: 2012/06/26

Reference Information

CVE: CVE-2012-0744, CVE-2012-2159, CVE-2012-2161, CVE-2012-2164, CVE-2012-2165, CVE-2012-2168, CVE-2012-2169, CVE-2012-2205

BID: 53884, 54222, 55125

OSVDB: 82711, 82754, 83358, 83359, 84819, 84915, 84916, 84917

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990