IBM Rational ClearQuest 7.x < 188.8.131.52 / 8.0.0.x < 184.108.40.206 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 61565
Synopsis: The remote host has software installed that is affected by multiple vulnerabilities.
Description: The remote host has a version of IBM Rational ClearQuest 7.x prior to 220.127.116.11 / 8.0.0.x prior to 18.104.22.168 installed. It is, therefore, affected by the following vulnerabilities:
- A cross-site scripting vulnerability exists that can be exploited by an attacker by tricking a victim into opening a specially crafted report. (CVE-2012-2205)
- An information disclosure vulnerability exists that allows an attacker unauthorized access to password information. (CVE-2012-2165)
- ClearQuest Web sometimes displays sensitive stack trace information in error messages. (CVE-2012-2168)
- The ClearQuest Web Help component contains a reflected cross-site scripting vulnerability. (CVE-2012-2161)
- Some scripts inside the ClearQuest Web Help application are vulnerable to open redirect attacks. (CVE-2012-2159)
- The ClearQuest web client is subject to an elevated privilege attack that allows an attacker access to the 'Site Administration' menu. (CVE-2012-2164)
- The ClearQuest web client file-upload functionality is affected by a cross-site scripting vulnerability that can be exploited by an authenticated user via the 'File Description' field. (CVE-2012-2169)
- Attackers can obtain potentially sensitive information via a request to a 'snoop', 'hello', 'ivt/', 'hitcount', 'HitCount.jsp', 'HelloHTMLError.jsp', 'HelloHTML.jsp', 'HelloVXMLError.jsp', 'HelloWMLError.jsp', 'HelloWML.jsp' or 'cqweb/j_security_check' sample script. (CVE-2012-0744)
Solution: Upgrade to IBM Rational ClearQuest 22.214.171.124 / 126.96.36.199 or later.