Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg21699148 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:19
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21699148 - Patch, Vendor Advisory |
Information
Published : 2015-03-25 01:59
Updated : 2024-11-21 02:19
NVD link : CVE-2014-8925
Mitre link : CVE-2014-8925
CVE.ORG link : CVE-2014-8925
JSON object : View
Products Affected
ibm
- rational_clearquest
CWE
CWE-352
Cross-Site Request Forgery (CSRF)