Skip to main content

Rational Clearquest CVE-2012-2205

LOW
Cross-site Scripting (XSS) (CWE-79)
2012-08-17 psirt@us.ibm.com
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 17, 2012 - 20:55 cve.org
LOW 3.5

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.

AnalysisAI

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. Affected products include: Ibm Rational Clearquest. Version information: before 7.1.2.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2012-0708 CRITICAL POC
9.3 Apr 22

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 bef

CVE-2012-0744 MEDIUM POC
5.0 Aug 17

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sens

CVE-2013-0598 MEDIUM
6.8 Sep 28

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 be

CVE-2014-8925 MEDIUM
6.8 Mar 25

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.

CVE-2012-2164 MEDIUM
5.5 Aug 17

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users

CVE-2024-28796 MEDIUM
5.4 Jul 17

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4),

CVE-2015-4996 MEDIUM
5.1 Jan 02

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof databa

CVE-2012-5765 MEDIUM
5.0 Dec 20

The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote a

CVE-2012-5757 MEDIUM
4.3 Mar 21

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x befo

CVE-2012-4839 MEDIUM
4.3 Dec 20

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8

CVE-2013-3041 MEDIUM
4.3 Oct 01

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remot

CVE-2012-2168 MEDIUM
4.0 Aug 17

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitiv

Share

CVE-2012-2205 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy