CVE-2009-4357

CVE-2009-4357

EPSS 1.1%

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://secunia.com/advisories/37811 http://securitytracker.com/id?1023370 http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377 http://www.securityfocus.com/bid/37385 http://www.vupen.com/english/advisories/2009/3580