CVE-2012-2165
low
CVSS v3
—
CVSS v2
3.5
VIR risk
3.5
Description
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21606385
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | rational_clearquest | 7.1.1.1 | |
| ibm | rational_clearquest | 7.1.1.2 | |
| ibm | rational_clearquest | 7.1.1.3 | |
| ibm | rational_clearquest | 7.1.1.4 | |
| ibm | rational_clearquest | 7.1.1.5 | |
| ibm | rational_clearquest | 7.1.1.6 | |
| ibm | rational_clearquest | 7.1.1.7 | |
| ibm | rational_clearquest | 7.1.1.8 | |
| ibm | rational_clearquest | 7.1.2 | |
| ibm | rational_clearquest | 7.1.2.1 | |
| ibm | rational_clearquest | 7.1.2.2 | |
| ibm | rational_clearquest | 7.1.2.3 | |
| ibm | rational_clearquest | 7.1.2.4 | |
| ibm | rational_clearquest | 7.1.2.5 | |
| ibm | rational_clearquest | 7.1.2.6 | |
| ibm | rational_clearquest | 8.0.0 | |
| ibm | rational_clearquest | 8.0.0.1 | |
| ibm | rational_clearquest | 8.0.0.2 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM62740
- http://www.ibm.com/support/docview.wss?uid=swg21606385
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75040
CWEs
CWE-200