CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
The remote host is running a version of IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.9 / 7.1.2.x prior to 7.1.2.6 / 8.0.0.x prior to 8.0.0.2 installed. It is, therefore, affected by the following vulnerabilities :
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(59293);
script_version("1.7");
script_cvs_date("Date: 2018/07/12 19:01:17");
script_cve_id("CVE-2011-1390", "CVE-2012-0708");
script_bugtraq_id(53170, 53483);
script_name(english:"IBM Rational ClearQuest 7.1.1.x < 7.1.1.9 / 7.1.2.x < 7.1.2.6 / 8.0.0.x < 8.0.0.2 Multiple Vulnerabilities (credentialed check)");
script_summary(english:"Checks the version of IBM Rational ClearQuest.");
script_set_attribute(
attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected
by multiple vulnerabilities."
);
script_set_attribute(
attribute:"description", value:
"The remote host is running a version of IBM Rational ClearQuest
7.1.1.x prior to 7.1.1.9 / 7.1.2.x prior to 7.1.2.6 / 8.0.0.x prior
to 8.0.0.2 installed. It is, therefore, affected by the following
vulnerabilities :
- A SQL injection vulnerability exists in the ClearQuest
Maintenance tool when upgrading the user database. Note
that the Maintenance tool must be able to directly
connect to ClearQuest repositories to be exploitable.
(CVE-2011-1390)
- A heap-based buffer overflow vulnerability exists in the
'RegisterSchemaRepoFromFileByDbSet' function of the
CQOle ActiveX control (cqole.dll) due to improper
parsing of parameters. Exploitation of this issue can
result in arbitrary code execution. (CVE-2012-0708)"
);
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21594717");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21591705");
script_set_attribute(
attribute:"solution", value:
"Upgrade to IBM Rational ClearQuest 7.1.1.9 / 7.1.2.6 / 8.0.0.2 or
later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'IBM Rational ClearQuest CQOle Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2012/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_clearquest");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
script_dependencies('ibm_rational_clearquest_installed.nasl');
script_require_keys('installed_sw/IBM Rational ClearQuest');
exit(0);
}
include('ibm_rational_clearquest_version.inc');
rational_clearquest_check_version(
fixes:make_nested_list(
make_array("Min", "7.1.0.0", "Fix UI", "7.1.1.9", "Fix", "7.1109.0.176"),
make_array("Min", "7.1.2.0", "Fix UI", "7.1.2.6", "Fix", "7.1206.0.141"),
make_array("Min", "8.0.0.0", "Fix UI", "8.0.0.2", "Fix", "8.2.0.680")),
severity:SECURITY_HOLE,
sqli:TRUE
);