Vulnerability Name:

CVE-2009-2211 (CCN-51356)

Assigned:2009-06-23
Published:2009-06-23
Updated:2009-07-02
Summary:Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-2211

Source: CCN
Type: SA35564
IBM Rational ClearQuest CQWeb Server Two Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35564

Source: CCN
Type: SECTRACK ID: 1022456
IBM Rational ClearQuest Bugs Permit Cross-Site Scripting Attacks and Username/Password Disclosure

Source: AIXAPAR
Type: Patch, Vendor Advisory
PK77030

Source: CCN
Type: IBM APAR PK77030
Security vulnerabilities reported for CQWeb server: 'Cross-Site Scripting' and 'Possible Username or Password Disclosure'.

Source: CCN
Type: OSVDB ID: 55349
IBM Rational ClearQuest CQWeb Server Unspecified XSS

Source: CCN
Type: BID-35490
IBM Rational ClearQuest CQWeb Server Cross Site Scripting and Information Disclosure Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022456

Source: XF
Type: UNKNOWN
clearquest-cqwebserver-xss(51356)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm rational clearquest 7.0
    ibm rational clearquest 7.0.0.0
    ibm rational clearquest 7.0.0.1
    ibm rational clearquest 7.0.0.2
    ibm rational clearquest 7.0.0.3
    ibm rational clearquest 7.0.0.4
    ibm rational clearquest 7.0.0.5
    ibm rational clearquest 7.0.1
    ibm rational clearquest 7.0.1.0
    ibm rational clearquest 7.0.1.1
    ibm rational clearquest 7.0.1.2
    ibm rational clearquest 7.0.1.3
    ibm rational clearquest 7.0.1.4
    ibm rational clearquest 7.0.2
    ibm rational clearquest 7.0.1
    ibm rational clearquest 7.0.1.1
    ibm rational clearquest 7.0.2
    ibm rational clearquest 7.0
    ibm rational clearquest 7.0.0.0
    ibm rational clearquest 7.0.0.1
    ibm rational clearquest 7.0.1.2
    ibm rational clearquest 7.0.0.3
    ibm rational clearquest 7.0.0.2
    ibm rational clearquest 7.0.0.4
    ibm rational clearquest 7.0.0.5
    ibm rational clearquest 7.0.1.4
    ibm rational clearquest 7.0.1.3
    ibm rational clearquest 7.0.1.0