CVE-2008-1287

Опубликовано: 11 мар. 2008

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Ссылки

http://secunia.com/advisories/29280
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
Patch
http://www.securityfocus.com/bid/28132
Patch
http://www.securitytracker.com/id?1019566
http://www.vupen.com/english/advisories/2008/0804/references
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41042
http://secunia.com/advisories/29280
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
Patch
http://www.securityfocus.com/bid/28132
Patch
http://www.securitytracker.com/id?1019566
http://www.vupen.com/english/advisories/2008/0804/references
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41042

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00503

Низкий

5 Medium

CVSS2

Дефекты

CWE-16

Связанные уязвимости

GHSA-8m9x-884p-q39p

github

почти 4 года назад