CVE-2008-5328 — IBM Rational Clearquest vulnerability

CWE-3103 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.5%

top 32.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Clearquest

Timeline

PublishedDec 5

Latest updateMay 17

Description

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/rational_clearquest7.0.0.3+6

🔴Vulnerability Details

GHSA

GHSA-vmqr-2593-p593: The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection↗2022-05-17

▶

CVEList

CVE-2008-5328: The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection↗2008-12-05

▶