IBM Rational ClearQuest 7.1.x < 7.1.2.12 / 8.0.0.x < 8.0.0.8 / 8.0.1.x < 8.0.1.1 Multiple Vulnerabilities (credentialed check)

medium Nessus Plugin ID 81780

Synopsis

The remote host has software installed that is affected by multiple vulnerabilities.

Description

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.12 / 8.0.0.x prior to 8.0.0.8 / 8.0.1.x prior to 8.0.1.1 installed. It is, therefore, potentially affected by multiple vulnerabilities:

- An unspecified cross-site request forgery (CSRF) vulnerability exists. (CVE-2013-0598)

- An unspecified vulnerability allows an attacker to perform JSON hijacking attacks. (CVE-2013-3041)

Note that these vulnerabilities only affect the Web Client component.

Solution

Upgrade to IBM Rational ClearQuest 7.1.2.12 / 8.0.0.8 / 8.0.1.1 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21648665

http://www-01.ibm.com/support/docview.wss?uid=swg21648086

Plugin Details

Severity: Medium

ID: 81780

File Name: ibm_rational_clearquest_8_0_1_1.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 3/12/2015

Updated: 7/12/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ibm:rational_clearquest

Required KB Items: installed_sw/IBM Rational ClearQuest, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 9/16/2013

Vulnerability Publication Date: 9/16/2013

Reference Information

CVE: CVE-2013-0598, CVE-2013-3041

BID: 62654, 62656