Information Disclosure Vulnerability in IBM Rational ClearQuest Products
CVE-2012-2168

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 17 August 2012

Summary

IBM Rational ClearQuest versions 7.1.x prior to 7.1.2.7 and 8.x prior to 8.0.0.3 have a vulnerability that permits remote authenticated users to extract sensitive stack-trace information. This occurs through error messages generated by the CM server in response to invalid parameters, potentially exposing valuable internal details that could be exploited by malicious entities.

References

http://www.ibm.com/support/docview.wss?uid=swg21606319

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PM61822

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/75048

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 17, 2012
Vulnerability Reserved
Apr 4, 2012