Information Disclosure in IBM Rational ClearQuest Web Client
CVE-2013-3041

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 1 October 2013

Summary

The IBM Rational ClearQuest Web Client is susceptible to an information disclosure vulnerability that could allow remote attackers to access sensitive data within the client-server data stream. This issue is linked to a potential JSON hijacking attack, which exploits weaknesses in data handling processes in certain versions of the product. Affected versions include Rational ClearQuest 7.1 prior to 7.1.2.12, 8.0 prior to 8.0.0.8, and 8.0.1 prior to 8.0.1.1. Organizations using these versions should assess their security posture and apply the necessary updates to mitigate the risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84724

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21648086

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 1, 2013
Vulnerability Reserved
Apr 12, 2013