IBM Rational ClearQuest CVE-2012-5757 Cross Site Scripting Vulnerability

Bugtraq ID:	58631
Class:	Input Validation Error
CVE:	CVE-2012-5757
Remote:	Yes
Local:	No
Published:	Mar 20 2013 12:00AM
Updated:	Mar 20 2013 12:00AM
Credit:	IBM
Vulnerable:	IBM Rational ClearQuest 8.0.1 IBM Rational ClearQuest 8.0.0.5 IBM Rational ClearQuest 8.0.0.4 IBM Rational ClearQuest 8.0.0.3 IBM Rational ClearQuest 8.0 IBM Rational ClearQuest 7.1.2.7 IBM Rational ClearQuest 7.1.2.5 IBM Rational ClearQuest 7.1.1.3 IBM Rational ClearQuest 7.1.0.1 IBM IBM Rational ClearQuest 8.0.0.2 IBM IBM Rational ClearQuest 8.0.0.1 IBM IBM Rational ClearQuest 7.1.2.6
Not Vulnerable:	IBM Rational ClearQuest 8.0.0 6 IBM Rational ClearQuest 7.1.2.3

IBM Rational ClearQuest CVE-2012-5757 Cross Site Scripting Vulnerability

IBM Rational ClearQuest is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM Rational ClearQuest versions prior to 7.1.2.10 and 8.0.0.6 are vulnerable.

IBM Rational ClearQuest CVE-2012-5757 Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user into visiting a specially crafted URL.

IBM Rational ClearQuest CVE-2012-5757 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Rational ClearQuest CVE-2012-5757 Cross Site Scripting Vulnerability

References:

• IBM Rational ClearQuest HomePage (IBM)
  
• Security Bulletin: ClearQuest Cross-Site Scripting (XSS) Vulnerability (CVE-2012 (IBM)