CVE-2008-1287IBM Rational Clearquest vulnerability

CWE-163 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 33.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearquest
Timeline
PublishedMar 11
Latest updateMay 1

Description

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearquest7.0.0.2, 7.0.1.1+1

Patches

Patch: secunia.comPatch: www-1.ibm.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-8m9x-884p-q39p: IBM Rational ClearQuest 72022-05-01
CVEList
CVE-2008-1287: IBM Rational ClearQuest 72008-03-11