Skip to main content

Rational Clearquest CVE-2012-2165

LOW
Information Exposure (CWE-200)
2012-08-17 psirt@us.ibm.com
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 17, 2012 - 20:55 cve.org
LOW 3.5

DescriptionCVE.org

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

AnalysisAI

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. Affected products include: Ibm Rational Clearquest. Version information: before 7.1.2.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2012-0708 CRITICAL POC
9.3 Apr 22

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 bef

CVE-2012-0744 MEDIUM POC
5.0 Aug 17

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sens

CVE-2013-0598 MEDIUM
6.8 Sep 28

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 be

CVE-2014-8925 MEDIUM
6.8 Mar 25

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.

CVE-2012-2164 MEDIUM
5.5 Aug 17

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users

CVE-2024-28796 MEDIUM
5.4 Jul 17

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4),

CVE-2015-4996 MEDIUM
5.1 Jan 02

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof databa

CVE-2012-5765 MEDIUM
5.0 Dec 20

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote a

CVE-2012-5757 MEDIUM
4.3 Mar 21

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x befo

CVE-2012-4839 MEDIUM
4.3 Dec 20

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8

CVE-2013-3041 MEDIUM
4.3 Oct 01

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remot

CVE-2012-2168 MEDIUM
4.0 Aug 17

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitiv

Share

CVE-2012-2165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy