IBM Rational ClearQuest Web sometimes displays stack trace information in error messages. This is considered an information disclosure that may be assistance to attackers in crafting their attacks.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID: CVE-2012-2168****
Description: ClearQuest Web sometimes displays stack trace information in error messages. This is considered an information disclosure that may be of assistance to attackers in crafting their attacks.
Starting with ClearQuest 7.1.2.7 and 8.0.0.3, this stack trace information is not displayed for CM Server web error messages.
CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/75048> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
IBM Rational ClearQuest Web prior to version 7.1.27 or 8.0.0.3.
Upgrade to one of the following releases:
Workaround:
Use ClearQuest desktop applications.
Mitigation:
None