Lucene search

MitreCVE-2008-1287

HistoryMar 11, 2008 - 5:44 p.m.

CVE-2008-1287

2008-03-1117:44:00

CWE-16

mitre

web.nvd.nist.gov

ibm

rational clearquest

cve-2008-1287

security

username enumeration

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Affected configurations

Nvd

Node

ibmrational_clearquestMatch7.0.0.2

ibmrational_clearquestMatch7.0.1.1

VendorProductVersionCPE
ibmrational_clearquest7.0.0.2cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*
ibmrational_clearquest7.0.1.1cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_clearquest	7.0.0.2	cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:::::::*
ibm	rational_clearquest	7.0.1.1	cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:::::::*

References

secunia.com/advisories/29280

www-1.ibm.com/support/docview.wss?uid=swg1PK55561

www.securityfocus.com/bid/28132

www.securitytracker.com/id?1019566

www.vupen.com/english/advisories/2008/0804/references

exchange.xforce.ibmcloud.com/vulnerabilities/41042

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON

Related for CVE-2008-1287