IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID: CVE-2012-2205
Description: The ClearQuest Web client contains a Cross-Site Scripting vulnerability.
This vulnerability does not exist in the ClearQuest desktop clients or command line utilities.
CVSS Base Score: 3.5 **CVSS Temporal Score:**See<https://exchange.xforce.ibmcloud.com/vulnerabilities/77094> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
ClearQuest Web Clients prior to version 7.1.2.7 or 8.0.0.3.
Upgrade to one of the following releases:
Workaround:
Use ClearQuest desktop applications.
Mitigation:
Examine text names in the ClearQuest Web client and do not input or execute text names that attempt to execute JavaScript code.