Phishing Vulnerability in IBM Rational ClearQuest Web Client by IBM
CVE-2012-4839

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 20 December 2012

Summary

The OSLC interface in IBM Rational ClearQuest Web Client exposes a weakness that allows remote attackers to execute phishing attacks through the use of a FRAME element. This vulnerability affects versions prior to 7.1.2.9 in the 7.1.2.x series and prior to 8.0.0.5 in the 8.0.0.x series, enabling potential exploitation of the interface to mislead users into providing sensitive information. Organizations using vulnerable versions of this product should consider applying the necessary patches to mitigate the risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21620342

x_refsource_CONFIRM

http://www.securitytracker.com/id?1027889

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/79068

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 20, 2012
Vulnerability Reserved
Sep 6, 2012