CVE-2011-1390SQL Injection in IBM Rational Clearquest

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 28.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Clearquest
Timeline
PublishedMay 14
Latest updateMay 17

Description

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/rational_clearquest16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-75w9-f53w-7vh5: SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2011-1390: SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 72012-05-14
CVE-2011-1390 — SQL Injection in IBM | cvebase