Lucene search
HistoryMar 25, 2015 - 1:59 a.m.
CVE-2014-8925
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.002
Percentile
62.1%
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
Affected configurations
Node
ibmrational_clearquestMatch7.1
ORibmrational_clearquestMatch7.1.0.1
ORibmrational_clearquestMatch7.1.0.2
ORibmrational_clearquestMatch7.1.1
ORibmrational_clearquestMatch7.1.1.1
ORibmrational_clearquestMatch7.1.1.2
ORibmrational_clearquestMatch7.1.1.3
ORibmrational_clearquestMatch7.1.1.4
ORibmrational_clearquestMatch7.1.1.5
ORibmrational_clearquestMatch7.1.1.6
ORibmrational_clearquestMatch7.1.1.7
ORibmrational_clearquestMatch7.1.1.8
ORibmrational_clearquestMatch7.1.1.9
ORibmrational_clearquestMatch7.1.2
ORibmrational_clearquestMatch7.1.2.1
ORibmrational_clearquestMatch7.1.2.2
ORibmrational_clearquestMatch7.1.2.3
ORibmrational_clearquestMatch7.1.2.4
ORibmrational_clearquestMatch7.1.2.5
ORibmrational_clearquestMatch7.1.2.6
ORibmrational_clearquestMatch7.1.2.7
ORibmrational_clearquestMatch7.1.2.8
ORibmrational_clearquestMatch7.1.2.9
ORibmrational_clearquestMatch7.1.2.10
ORibmrational_clearquestMatch7.1.2.11
ORibmrational_clearquestMatch7.1.2.12
ORibmrational_clearquestMatch7.1.2.13
ORibmrational_clearquestMatch7.1.2.14
ORibmrational_clearquestMatch7.1.2.15
ORibmrational_clearquestMatch8.0.0
ORibmrational_clearquestMatch8.0.0.1
ORibmrational_clearquestMatch8.0.0.2
ORibmrational_clearquestMatch8.0.0.3
ORibmrational_clearquestMatch8.0.0.4
ORibmrational_clearquestMatch8.0.0.5
ORibmrational_clearquestMatch8.0.0.6
ORibmrational_clearquestMatch8.0.0.7
ORibmrational_clearquestMatch8.0.0.8
ORibmrational_clearquestMatch8.0.0.9
ORibmrational_clearquestMatch8.0.0.10
ORibmrational_clearquestMatch8.0.0.11
ORibmrational_clearquestMatch8.0.0.12
ORibmrational_clearquestMatch8.0.1
ORibmrational_clearquestMatch8.0.1.1
ORibmrational_clearquestMatch8.0.1.2
ORibmrational_clearquestMatch8.0.1.3
ORibmrational_clearquestMatch8.0.1.4
ORibmrational_clearquestMatch8.0.1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | rational_clearquest | 7.1 | cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.0.1 | cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.0.2 | cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1 | cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1.1 | cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1.2 | cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1.3 | cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1.4 | cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1.5 | cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:* |
| ibm | rational_clearquest | 7.1.1.6 | cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2014-8925
2015-03-25 01:59:12
prion
prion
Cross site request forgery (csrf)
2015-03-25 01:59:00
cvelist
cvelist
CVE-2014-8925
2015-03-25 01:00:00
kaspersky
kaspersky
KLA10497 Security bypass vulnerability in IBM Rational ClearQuest
2015-03-24 00:00:00
ibm
ibm
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.002
Percentile
62.1%
Related for NVD:CVE-2014-8925