CVE-2010-4600Sensitive Information Exposure in IBM Rational Clearquest

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 53.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearquest
Timeline
PublishedDec 29
Latest updateMay 17

Description

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearquest4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-xvww-cpj4-267x: Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2010-4600: Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 72010-12-29
CVE-2010-4600 — Sensitive Information Exposure in IBM | cvebase