Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5328

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-5328
Last Modified 30 Jun 2009 12:00:00
Published 04 Dec 2008 07:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-5328

Summary

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.

Vulnerable Systems

Application

  • Ibm Rational Clearquest 7.0.0.0

  • Ibm Rational Clearquest 7.0.0.1

  • Ibm Rational Clearquest 7.0.0.2

  • Ibm Rational Clearquest 7.0.0.3

  • Ibm Rational Clearquest 7.0.1

  • Ibm Rational Clearquest 7.0.1.1

  • Ibm Rational Clearquest 7.0.1.2


References

XF - clearquest-maintenance-info-disclosure(46995)

AIXAPAR - PK65908

SECUNIA - 32847


Last Updated: 27 May 2016 10:48:46