SQL injection vulnerability in IBM Rational ClearQuestID: oval:org.secpod.oval:def:6520 | Date: (C)2012-08-07 (M)2021-06-02 |
Class: VULNERABILITY | Family: windows |
The host is installed with IBM Rational ClearQuest 7.1.1 before 7.1.1.9 or 7.1.2 before 7.1.2.6 and is prone to SQL injection vulnerability. A flaw is present in the application, which fails to handle certain fields in the Maintenance tool. Successful exploitation allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Product: |
IBM Rational ClearQuest |