Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-4357

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Published

2009-12-18T19:30:00.593

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	rational_clearcase	≤ 7.1	Yes
Application	ibm	rational_clearcase	7.0.0.1	Yes
Application	ibm	rational_clearcase	7.0.0.2	Yes
Application	ibm	rational_clearcase	7.0.0.4	Yes
Application	ibm	rational_clearcase	7.0.1.1	Yes
Application	ibm	rational_clearcase	7.0.1.3	Yes
Application	ibm	rational_clearquest	5.00	Yes
Application	ibm	rational_clearquest	5.20	Yes
Application	ibm	rational_clearquest	6.00	Yes
Application	ibm	rational_clearquest	6.10	Yes
Application	ibm	rational_clearquest	6.12	Yes
Application	ibm	rational_clearquest	6.13	Yes
Application	ibm	rational_clearquest	6.14	Yes
Application	ibm	rational_clearquest	6.15	Yes
Application	ibm	rational_clearquest	6.16	Yes
Application	ibm	rational_clearquest	7.0	Yes
Application	ibm	rational_clearquest	7.0.0.1	Yes
Application	ibm	rational_clearquest	7.0.1	Yes
Application	ibm	rational_clearquest	7.0.1.0	Yes
Application	ibm	rational_clearquest	7.0.1.1	Yes
Application	ibm	rational_clearquest	7.0.1.3	Yes
Application	ibm	rational_clearquest	7.0.2	Yes
Application	ibm	rational_clearquest	2007	Yes
Application	ibm	rational_clearquest	2008	Yes

References

http://secunia.com/advisories/37811 Vendor Advisory ([email protected])
http://securitytracker.com/id?1023370 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/37385 ([email protected])
http://www.vupen.com/english/advisories/2009/3580 Vendor Advisory ([email protected])
http://secunia.com/advisories/37811 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023370 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37385 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3580 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)