Remote Database Name Exposure in IBM Rational ClearQuest
CVE-2013-5422

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearcase
Vendor: CVE Published:; 19 December 2013

What is CVE-2013-5422?

The Web Client in IBM Rational ClearQuest versions 7.1 through 7.1.2.12, 8.0.0.x prior to 8.0.0.9, and 8.0.1.x before 8.0.1.2 is prone to a vulnerability that enables remote attackers to access database names under certain conditions. This occurs when a multi-database dataset is present, allowing unauthorized information disclosure through unspecified mechanisms. Organizations using these affected versions should consider applying the necessary updates to mitigate potential risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PM97698

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/87484

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21660036

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2013
Vulnerability Reserved
Aug 22, 2013