SQL Injection in Ibm Rational_clearquest

CVE-2011-1390

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the u…

Vulnerability class: SQL Injection

EPSS: 0.007 (71.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearquest — versions 7.1.1.1, 7.1.1.2, 7.1.1.3
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

81815 (x_refsource_OSVDB, vdb-entry)
53483 (vdb-entry, x_refsource_BID)
1027060 (vdb-entry, x_refsource_SECTRACK)
49093 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
rcq-maintenancetool-sql-injection(71802) (vdb-entry, x_refsource_XF)