The host is installed with IBM Rational ClearQuest 7.1.1 before 7.1.1.9 or 7.1.2 before 7.1.2.6 and is prone to SQL injection vulnerability. A flaw is present in the application, which fails to handle certain fields in the Maintenance tool. Successful exploitation allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.