Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-4357

Опубликовано: 18 дек. 2009
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*
Версия до 7.1 (включая)
cpe:2.3:a:ibm:rational_clearcase:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearcase:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearcase:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearcase:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearcase:7.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:6.16:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:2007:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_clearquest:2008:*:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00337
Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-gxrr-7663-gg4f

github
почти 4 года назад

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

EPSS

Процентиль: 56%
0.00337
Низкий

5 Medium

CVSS2

Дефекты

CWE-200