CVE-2009-4357

Sažetak

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Reference

http://secunia.com/advisories/37811
http://securitytracker.com/id?1023370
http://www.securityfocus.com/bid/37385
http://www.vupen.com/english/advisories/2009/3580
http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-12-2009 - 05:00

Objavljeno

18-12-2009 - 19:30