CVE-2012-2164
First published: Fri Aug 17 2012(Updated: )
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational ClearQuest | =7.1.1.1 | |
| IBM Rational ClearQuest | =7.1.1.2 | |
| IBM Rational ClearQuest | =7.1.1.3 | |
| IBM Rational ClearQuest | =7.1.1.4 | |
| IBM Rational ClearQuest | =7.1.1.5 | |
| IBM Rational ClearQuest | =7.1.1.6 | |
| IBM Rational ClearQuest | =7.1.1.7 | |
| IBM Rational ClearQuest | =7.1.1.8 | |
| IBM Rational ClearQuest | =7.1.2 | |
| IBM Rational ClearQuest | =7.1.2.1 | |
| IBM Rational ClearQuest | =7.1.2.2 | |
| IBM Rational ClearQuest | =7.1.2.3 | |
| IBM Rational ClearQuest | =7.1.2.4 | |
| IBM Rational ClearQuest | =7.1.2.5 | |
| IBM Rational ClearQuest | =7.1.2.6 | |
| IBM Rational ClearQuest | =8.0 | |
| IBM Rational ClearQuest | =8.0.0.1 | |
| IBM Rational ClearQuest | =8.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2164?
CVE-2012-2164 is considered a medium-severity vulnerability due to the potential for unauthorized access to system settings.
How do I fix CVE-2012-2164?
To fix CVE-2012-2164, update IBM Rational ClearQuest to version 7.1.2.7 or 8.0.0.3 or later.
Who is affected by CVE-2012-2164?
CVE-2012-2164 affects IBM Rational ClearQuest versions 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3.
What kind of attack does CVE-2012-2164 exploit?
CVE-2012-2164 exploits a parameter-tampering attack that allows remote authenticated users to bypass access restrictions.
Can CVE-2012-2164 lead to system configuration changes?
Yes, CVE-2012-2164 can allow unauthorized users to modify system settings through the Site Administration menu.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational clearquest
- version/ibm rational clearquest/7.1.1.1
- version/ibm rational clearquest/7.1.1.2
- version/ibm rational clearquest/7.1.1.3
- version/ibm rational clearquest/7.1.1.4
- version/ibm rational clearquest/7.1.1.5
- version/ibm rational clearquest/7.1.1.6
- version/ibm rational clearquest/7.1.1.7
- version/ibm rational clearquest/7.1.1.8
- version/ibm rational clearquest/7.1.2
- version/ibm rational clearquest/7.1.2.1
- version/ibm rational clearquest/7.1.2.2
- version/ibm rational clearquest/7.1.2.3
- version/ibm rational clearquest/7.1.2.4
- version/ibm rational clearquest/7.1.2.5
- version/ibm rational clearquest/7.1.2.6
- version/ibm rational clearquest/8.0
- version/ibm rational clearquest/8.0.0.1
- version/ibm rational clearquest/8.0.0.2