CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4368

HIGH
7.5
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile25.24th
PublishedAug 15, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.

Affected Platforms (CPE)

πŸ“¦
Ibm

Rational Clearquest

= 7.0.0.0
πŸ“¦
Ibm

Rational Clearquest

= 7.0.0.1

References & Advisories

πŸ”— http://osvdb.org/36478
πŸ”— http://securityreason.com/securityalert/3012
πŸ”— http://www.securityfocus.com/archive/1/476475/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25324
πŸ”— http://www.securitytracker.com/id?1018569
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/36012
πŸ”— https://www.exploit-db.com/exploits/4286
πŸ”— http://osvdb.org/36478

Related Vulnerabilities

CVE-2010-460110.0

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before ...

CVE-2012-07089.3

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1....

CVE-2014-09319.1

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scri...

CVE-2007-50907.5

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows atta...