Cross-site Scripting Vulnerability in IBM Rational ClearQuest Products
CVE-2012-2205

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 17 August 2012

What is CVE-2012-2205?

A Cross-site Scripting (XSS) vulnerability exists in IBM Rational ClearQuest versions prior to 7.1.2.7 and 8.0.0.3. This security flaw enables remote authenticated users to inject arbitrary web scripts or HTML code through a workspace query, potentially compromising the application's security and allowing for unauthorized actions within user sessions.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg21605838

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/77094

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2012
Vulnerability Reserved
Apr 4, 2012