CVE-2009-4357Sensitive Information Exposure in IBM Rational Clearcase

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 43.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Rational ClearcaseIBM Rational Clearquest
Timeline
PublishedDec 18
Latest updateMay 2

Description

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDibm/rational_clearquest18 versions+17

🔴Vulnerability Details

2
GHSA
GHSA-gxrr-7663-gg4f: CQWeb (aka the web interface) in IBM Rational ClearQuest before 72022-05-02
CVEList
CVE-2009-4357: CQWeb (aka the web interface) in IBM Rational ClearQuest before 72009-12-18
CVE-2009-4357 — Sensitive Information Exposure in IBM | cvebase