CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-4368

HIGH
7.5
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile25.24th
Published2007年8月15日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.

Affected Platforms (CPE)

📦
Ibm

Rational Clearquest

= 7.0.0.0
📦
Ibm

Rational Clearquest

= 7.0.0.1

References & Advisories

🔗 http://osvdb.org/36478
🔗 http://securityreason.com/securityalert/3012
🔗 http://www.securityfocus.com/archive/1/476475/100/0/threaded
🔗 http://www.securityfocus.com/bid/25324
🔗 http://www.securitytracker.com/id?1018569
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/36012
🔗 https://www.exploit-db.com/exploits/4286
🔗 http://osvdb.org/36478

関連する脆弱性情報

CVE-2010-460110.0

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before ...

CVE-2012-07089.3

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1....

CVE-2014-09319.1

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scri...

CVE-2007-50907.5

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows atta...