Lucene search

[email protected]NVD:CVE-2009-4357

HistoryDec 18, 2009 - 7:30 p.m.

CVE-2009-4357

2009-12-1819:30:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.5%

JSON

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Affected configurations

Nvd

Node

ibmrational_clearcaseRange≤7.1

ibmrational_clearcaseMatch7.0.0.1

ibmrational_clearcaseMatch7.0.0.2

ibmrational_clearcaseMatch7.0.0.4

ibmrational_clearcaseMatch7.0.1.1

ibmrational_clearcaseMatch7.0.1.3

ibmrational_clearquestMatch5.00

ibmrational_clearquestMatch5.20

ibmrational_clearquestMatch6.00

ibmrational_clearquestMatch6.10

ibmrational_clearquestMatch6.12

ibmrational_clearquestMatch6.13

ibmrational_clearquestMatch6.14

ibmrational_clearquestMatch6.15

ibmrational_clearquestMatch6.16

ibmrational_clearquestMatch7.0

ibmrational_clearquestMatch7.0.0.1

ibmrational_clearquestMatch7.0.1

ibmrational_clearquestMatch7.0.1.0

ibmrational_clearquestMatch7.0.1.1

ibmrational_clearquestMatch7.0.1.3

ibmrational_clearquestMatch7.0.2

ibmrational_clearquestMatch2007

ibmrational_clearquestMatch2008

VendorProductVersionCPE
ibmrational_clearcase*cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*
ibmrational_clearcase7.0.0.1cpe:2.3:a:ibm:rational_clearcase:7.0.0.1:*:*:*:*:*:*:*
ibmrational_clearcase7.0.0.2cpe:2.3:a:ibm:rational_clearcase:7.0.0.2:*:*:*:*:*:*:*
ibmrational_clearcase7.0.0.4cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*
ibmrational_clearcase7.0.1.1cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*
ibmrational_clearcase7.0.1.3cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*
ibmrational_clearquest5.00cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*
ibmrational_clearquest5.20cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*
ibmrational_clearquest6.00cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*
ibmrational_clearquest6.10cpe:2.3:a:ibm:rational_clearquest:6.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_clearcase	*	cpe:2.3:a:ibm:rational_clearcase::::::::
ibm	rational_clearcase	7.0.0.1	cpe:2.3:a:ibm:rational_clearcase:7.0.0.1:::::::*
ibm	rational_clearcase	7.0.0.2	cpe:2.3:a:ibm:rational_clearcase:7.0.0.2:::::::*
ibm	rational_clearcase	7.0.0.4	cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:::::::*
ibm	rational_clearcase	7.0.1.1	cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:::::::*
ibm	rational_clearcase	7.0.1.3	cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:::::::*
ibm	rational_clearquest	5.00	cpe:2.3:a:ibm:rational_clearquest:5.00:::::::*
ibm	rational_clearquest	5.20	cpe:2.3:a:ibm:rational_clearquest:5.20:::::::*
ibm	rational_clearquest	6.00	cpe:2.3:a:ibm:rational_clearquest:6.00:::::::*
ibm	rational_clearquest	6.10	cpe:2.3:a:ibm:rational_clearquest:6.10:::::::*

Rows per page:

1-10 of 241

References

secunia.com/advisories/37811

securitytracker.com/id?1023370

www-01.ibm.com/support/docview.wss?uid=swg1PK86377

www.securityfocus.com/bid/37385

www.vupen.com/english/advisories/2009/3580

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.5%

JSON

Related for NVD:CVE-2009-4357

seebug1 cvelist1 prion1 cve1