Vulnerability Name: CVE-2012-0744 (CCN-74671) Assigned: 2012-08-08 Published: 2012-08-08 Updated: 2017-08-29 Summary: IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N 4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2012-0744 PM66896 Information Disclosure: ClearQuest Web leftover scripts (CVE-2012-0744) http://www.ibm.com/support/docview.wss?uid=swg21599361 http://www.ibm.com/support/docview.wss?uid=swg21606317 IBM Rational ClearQuest Cross Site Scripting and Information Disclosure Vulnerabilities rcq-installscripts-info-disclosure(74671) rcq-installscripts-info-disclosure(74671) Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:* Configuration 2 :cpe:/a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:* BACK
ibm rational clearquest 7.1.1.1
ibm rational clearquest 7.1.1.2
ibm rational clearquest 7.1.1.3
ibm rational clearquest 7.1.1.4
ibm rational clearquest 7.1.1.5
ibm rational clearquest 7.1.1.6
ibm rational clearquest 7.1.1.7
ibm rational clearquest 7.1.1.8
ibm rational clearquest 7.1.2
ibm rational clearquest 7.1.2.1
ibm rational clearquest 7.1.2.2
ibm rational clearquest 7.1.2.3
ibm rational clearquest 7.1.2.4
ibm rational clearquest 7.1.2.5
ibm rational clearquest 7.1.2.6
ibm rational clearquest 8.0
ibm rational clearquest 8.0.0.1
ibm rational clearquest 8.0.0.2
ibm rational clearquest 8.0.0.3
ibm rational clearquest 7.1
ibm rational clearquest 8.0
Denotes that component is vulnerable