CVE-2014-8925: XSS
First published: Wed Mar 25 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational ClearQuest | =7.1 | |
| IBM Rational ClearQuest | =7.1.0.1 | |
| IBM Rational ClearQuest | =7.1.0.2 | |
| IBM Rational ClearQuest | =7.1.1 | |
| IBM Rational ClearQuest | =7.1.1.1 | |
| IBM Rational ClearQuest | =7.1.1.2 | |
| IBM Rational ClearQuest | =7.1.1.3 | |
| IBM Rational ClearQuest | =7.1.1.4 | |
| IBM Rational ClearQuest | =7.1.1.5 | |
| IBM Rational ClearQuest | =7.1.1.6 | |
| IBM Rational ClearQuest | =7.1.1.7 | |
| IBM Rational ClearQuest | =7.1.1.8 | |
| IBM Rational ClearQuest | =7.1.1.9 | |
| IBM Rational ClearQuest | =7.1.2 | |
| IBM Rational ClearQuest | =7.1.2.1 | |
| IBM Rational ClearQuest | =7.1.2.2 | |
| IBM Rational ClearQuest | =7.1.2.3 | |
| IBM Rational ClearQuest | =7.1.2.4 | |
| IBM Rational ClearQuest | =7.1.2.5 | |
| IBM Rational ClearQuest | =7.1.2.6 | |
| IBM Rational ClearQuest | =7.1.2.7 | |
| IBM Rational ClearQuest | =7.1.2.8 | |
| IBM Rational ClearQuest | =7.1.2.9 | |
| IBM Rational ClearQuest | =7.1.2.10 | |
| IBM Rational ClearQuest | =7.1.2.11 | |
| IBM Rational ClearQuest | =7.1.2.12 | |
| IBM Rational ClearQuest | =7.1.2.13 | |
| IBM Rational ClearQuest | =7.1.2.14 | |
| IBM Rational ClearQuest | =7.1.2.15 | |
| IBM Rational ClearQuest | =8.0.0 | |
| IBM Rational ClearQuest | =8.0.0.1 | |
| IBM Rational ClearQuest | =8.0.0.2 | |
| IBM Rational ClearQuest | =8.0.0.3 | |
| IBM Rational ClearQuest | =8.0.0.4 | |
| IBM Rational ClearQuest | =8.0.0.5 | |
| IBM Rational ClearQuest | =8.0.0.6 | |
| IBM Rational ClearQuest | =8.0.0.7 | |
| IBM Rational ClearQuest | =8.0.0.8 | |
| IBM Rational ClearQuest | =8.0.0.9 | |
| IBM Rational ClearQuest | =8.0.0.10 | |
| IBM Rational ClearQuest | =8.0.0.11 | |
| IBM Rational ClearQuest | =8.0.0.12 | |
| IBM Rational ClearQuest | =8.0.1 | |
| IBM Rational ClearQuest | =8.0.1.1 | |
| IBM Rational ClearQuest | =8.0.1.2 | |
| IBM Rational ClearQuest | =8.0.1.3 | |
| IBM Rational ClearQuest | =8.0.1.4 | |
| IBM Rational ClearQuest | =8.0.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What versions of IBM Rational ClearQuest are affected by CVE-2014-8925?
CVE-2014-8925 affects IBM Rational ClearQuest versions 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7.
What is the impact of CVE-2014-8925?
CVE-2014-8925 allows remote attackers to hijack the authentication of arbitrary users, triggering unwanted logouts or potentially inserting XSS sequences.
Is CVE-2014-8925 a critical security vulnerability?
CVE-2014-8925 is classified as a moderately critical cross-site request forgery (CSRF) vulnerability.
How can I mitigate CVE-2014-8925?
To mitigate CVE-2014-8925, upgrade IBM Rational ClearQuest to the patched versions: 7.1.2.17 or newer, 8.0.0.14 or newer, and 8.0.1.7 or newer.
What is the nature of the vulnerability described in CVE-2014-8925?
CVE-2014-8925 is a cross-site request forgery (CSRF) vulnerability that compromises user authentication.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/ibm
- canonical/ibm rational clearquest
- version/ibm rational clearquest/7.1
- version/ibm rational clearquest/7.1.0.1
- version/ibm rational clearquest/7.1.0.2
- version/ibm rational clearquest/7.1.1
- version/ibm rational clearquest/7.1.1.1
- version/ibm rational clearquest/7.1.1.2
- version/ibm rational clearquest/7.1.1.3
- version/ibm rational clearquest/7.1.1.4
- version/ibm rational clearquest/7.1.1.5
- version/ibm rational clearquest/7.1.1.6
- version/ibm rational clearquest/7.1.1.7
- version/ibm rational clearquest/7.1.1.8
- version/ibm rational clearquest/7.1.1.9
- version/ibm rational clearquest/7.1.2
- version/ibm rational clearquest/7.1.2.1
- version/ibm rational clearquest/7.1.2.2
- version/ibm rational clearquest/7.1.2.3
- version/ibm rational clearquest/7.1.2.4
- version/ibm rational clearquest/7.1.2.5
- version/ibm rational clearquest/7.1.2.6
- version/ibm rational clearquest/7.1.2.7
- version/ibm rational clearquest/7.1.2.8
- version/ibm rational clearquest/7.1.2.9
- version/ibm rational clearquest/7.1.2.10
- version/ibm rational clearquest/7.1.2.11
- version/ibm rational clearquest/7.1.2.12
- version/ibm rational clearquest/7.1.2.13
- version/ibm rational clearquest/7.1.2.14
- version/ibm rational clearquest/7.1.2.15
- version/ibm rational clearquest/8.0.0
- version/ibm rational clearquest/8.0.0.1
- version/ibm rational clearquest/8.0.0.2
- version/ibm rational clearquest/8.0.0.3
- version/ibm rational clearquest/8.0.0.4
- version/ibm rational clearquest/8.0.0.5
- version/ibm rational clearquest/8.0.0.6
- version/ibm rational clearquest/8.0.0.7
- version/ibm rational clearquest/8.0.0.8
- version/ibm rational clearquest/8.0.0.9
- version/ibm rational clearquest/8.0.0.10
- version/ibm rational clearquest/8.0.0.11
- version/ibm rational clearquest/8.0.0.12
- version/ibm rational clearquest/8.0.1
- version/ibm rational clearquest/8.0.1.1
- version/ibm rational clearquest/8.0.1.2
- version/ibm rational clearquest/8.0.1.3
- version/ibm rational clearquest/8.0.1.4
- version/ibm rational clearquest/8.0.1.5