SQL Injection Vulnerability in IBM Rational ClearQuest Maintenance Tool
CVE-2011-1390

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 14 May 2012

Summary

An SQL injection vulnerability exists in the Maintenance tool of IBM Rational ClearQuest, specifically impacting versions prior to 7.1.1.9, 7.1.2.6, and 8.0.0.2. This flaw enables remote attackers to exploit an error in the user-database upgrade feature, allowing them to execute arbitrary SQL commands. This can lead to unauthorized access and manipulation of the database, posing a significant risk to the integrity and confidentiality of the stored data.

References

http://osvdb.org/81815

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/53483

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1027060

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 14, 2012
Vulnerability Reserved
Mar 10, 2011