IBM Rational ClearQuest Web client contains SQL Error Message Attack vulnerability.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID: CVE-2012-5765****
Description: The ClearQuest Web client is vulnerable to a SQL Error Message Attack. Such attacks may disclose information which is helpful in creating other attacks such as server information, or information contained in the database. SQL Error Message Attacks are considered a form of SQL Injection Attack.
This vulnerability does not exist in the ClearQuest desktop clients or command line utilities.
CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/80211> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
ClearQuest Web Clients prior to version 7.1.2.9 or version 8.0.0.5.
Upgrade to ClearQuest version 7.1.2.9 or 8.0.0.5.
Workaround: Use ClearQuest desktop applications
Mitigation: None