IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability.
CVE ID: CVE-2012-2169
Description: The ClearQuest Web client contains a Cross-Site Scripting vulnerability.
This vulnerability does not exist in the ClearQuest desktop clients or command line utilities.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/75049> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
ClearQuest Web Clients prior to version 7.1.2.7.
Note: This vulnerability does not exist in ClearQuest version 8.0.0.0 or later.
Upgrade to Rational ClearQuest Fix Pack 7 (7.1.2.7) for 7.1.2.
Note: If you decide to upgrade to version 8.0 (where this issue does not exist), be sure to apply Rational ClearQuest Fix Pack 3 (8.0.0.3) for 8.0 or later to ensure that your update includes additional security fixes.
Workaround:
Use ClearQuest desktop applications.
Mitigation:
Examine text names in the ClearQuest Web client and do not input or execute text names that attempt to execute JavaScript code.