Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0744Sensitive Information Exposure in IBM Rational Clearquest

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
6.0%
top 9.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Rational Clearquest
Timeline
PublishedAug 17
Latest updateMay 17

Description

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearquest19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-j3rr-79qq-g9pm: IBM Rational ClearQuest 72022-05-17
CVEList
CVE-2012-0744: IBM Rational ClearQuest 72012-08-17

💥Exploits & PoCs

1
Exploit-DB
IBM Rational ClearQuest 8.0 - Multiple Vulnerabilities2012-08-27

📋Vendor Advisories

1
Red Hat
Kernel: xfrm_user: info leak in copy_to_user_auth2012-09-19
CVE-2012-0744 — Sensitive Information Exposure in IBM | cvebase