Vulnerability CVE-2013-3041


Published: 2013-09-30   Modified: 2013-10-04

Description:
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IBM -> Rational clearquest 

 References:
http://xforce.iss.net/xforce/xfdb/84724
http://www-01.ibm.com/support/docview.wss?uid=swg21648086

Copyright 2024, cxsecurity.com

 

Back to Top