Vulnerability Name:

CVE-2010-4603 (CCN-64439)

Assigned:2010-12-10
Published:2010-12-10
Updated:2017-08-17
Summary:IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CONFIRM
Type: UNKNOWN
ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme

Source: MITRE
Type: CNA
CVE-2010-4603

Source: AIXAPAR
Type: UNKNOWN
PM22186

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21125139

Source: CCN
Type: OSVDB ID: 70232
IBM Rational ClearQuest Back-reference Fields Modification Record Relationship Remote DoS

Source: BID
Type: UNKNOWN
45648

Source: CCN
Type: BID-45648
IBM Rational ClearQuest Back Reference Field Security Vulnerability

Source: XF
Type: UNKNOWN
clearquest-back-reference-sec-bypass(64439)

Source: XF
Type: UNKNOWN
clearquest-back-reference-sec-bypass(64439)

Source: CCN
Type: IBM APAR PM22186
THE CQ CORE SHOULD BE ABLE TO DETECT WHEN A REMOVE IS TAKING PLACE ON A BACKREFERENCE FIELD, AND THROW AN EXCEPTION OR NO-OP

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.0.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm rational clearquest 7.0
    ibm rational clearquest 7.0.0.0
    ibm rational clearquest 7.0.0.1
    ibm rational clearquest 7.0.0.2
    ibm rational clearquest 7.0.0.3
    ibm rational clearquest 7.0.0.4
    ibm rational clearquest 7.0.0.5
    ibm rational clearquest 7.0.0.6
    ibm rational clearquest 7.0.0.7
    ibm rational clearquest 7.0.0.8
    ibm rational clearquest 7.0.0.9
    ibm rational clearquest 7.0.1
    ibm rational clearquest 7.0.1.0
    ibm rational clearquest 7.0.1.1
    ibm rational clearquest 7.0.1.2
    ibm rational clearquest 7.0.1.3
    ibm rational clearquest 7.0.1.4
    ibm rational clearquest 7.0.1.5
    ibm rational clearquest 7.0.1.6
    ibm rational clearquest 7.0.1.7
    ibm rational clearquest 7.0.1.8
    ibm rational clearquest 7.0.1.9
    ibm rational clearquest 7.0.1.10
    ibm rational clearquest 7.1.1.1
    ibm rational clearquest 7.1.1.2
    ibm rational clearquest 7.1.1.3
    ibm rational clearquest 7.1.2
    ibm rational clearquest 7.0.1
    ibm rational clearquest 7.0.1.1
    ibm rational clearquest 7.0
    ibm rational clearquest 7.0.0.0
    ibm rational clearquest 7.0.0.1
    ibm rational clearquest 7.0.1.2
    ibm rational clearquest 7.0.0.3
    ibm rational clearquest 7.0.0.2
    ibm rational clearquest 7.0.0.4
    ibm rational clearquest 7.0.0.5
    ibm rational clearquest 7.0.1.4
    ibm rational clearquest 7.0.1.3
    ibm rational clearquest 7.0.1.0
    ibm rational clearquest 7.0.0.6
    ibm rational clearquest 7.0.0.7
    ibm rational clearquest 7.0.0.8
    ibm rational clearquest 7.0.0.9
    ibm rational clearquest 7.0.1.5
    ibm rational clearquest 7.0.1.6
    ibm rational clearquest 7.0.1.7
    ibm rational clearquest 7.0.1.8
    ibm rational clearquest 7.0.1.9
    ibm rational clearquest 7.0.1.10
    ibm rational clearquest 7.1.1.3
    ibm rational clearquest 7.1.1.2
    ibm rational clearquest 7.1.1.1
    ibm rational clearquest 7.1.2