Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-03-25 01:59
Updated : 2024-02-28 12:20
NVD link : CVE-2014-8925
Mitre link : CVE-2014-8925
CVE.ORG link : CVE-2014-8925
JSON object : View
Products Affected
ibm
- rational_clearquest
CWE
CWE-352
Cross-Site Request Forgery (CSRF)