CVE-2008-3550Sensitive Information Exposure in IBM Rational Clearquest

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 50.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearquest
Timeline
PublishedAug 8
Latest updateMay 2

Description

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-72q8-4qfp-hvwx: The CQWeb login page in IBM Rational ClearQuest 72022-05-02
CVEList
CVE-2008-3550: The CQWeb login page in IBM Rational ClearQuest 72008-08-08
CVE-2008-3550 — Sensitive Information Exposure in IBM | cvebase