Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE ID: CVE-2007-4368
Last Modified: 23 Jan 2009 03:03:02
Published: 15 Aug 2007 07:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4368

Summary

SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.

Vulnerable Systems

Application

  • IBM Rational ClearQuest 7.0.0.0

  • IBM Rational ClearQuest 7.0.0.1


References

XF - clearquest-username-sql-injection(36012)

SECTRACK - 1018569

BID - 25324

BUGTRAQ - 20070814 IBM Rational ClearQuest Web SQL Injection Login Bypass

MILW0RM - 4286

SREASON - 3012

OSVDB - 36478


Last Updated: 27 May 2016 10:45:50