IBM Rational ClearQuest 7.1.x < 18.104.22.168 / 8.0.0.x < 22.214.171.124 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 63323
SynopsisThe remote host has software installed that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of IBM Rational ClearQuest 7.1.x prior to 126.96.36.199 / 8.0.0.x prior to 188.8.131.52 installed. It is, therefore, affected by the following vulnerabilities :
- An unspecified input validation error exists related to the Open Services for Lifecycle Collaboration (OSLC) system that can allow cross-site scripting attacks. Note that this issue only affects systems if the 'CQ Web Server' is deployed. This vulnerability only affects the 7.1.2.x versions of ClearQuest. (CVE-2012-4839)
- An unspecified input validation error exists that can allow sensitive information to be disclosed via SQL error messages. (CVE-2012-5765 / PM72905)
SolutionUpgrade to IBM Rational ClearQuest 184.108.40.206 / 220.127.116.11 or later.