N/A

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

N/A

N/A

IBM RationalClearQuest CQWeb 信息泄露漏洞

IBM Rational ClearQuest是一个缺陷和变更追踪系统，组织和自动化处理与提交、分配、追踪、测试和发布变更请求相关的过程。 IBM Rational ClearQuest 7.0.1版本存在信息泄露漏洞。CQWeb登录页允许远程攻击者借助id字段中?script?和?/script?序列的合并，获得潜在的敏感信息(网页源代码)。此漏洞可能与跨站脚本攻击漏洞有关。

N/A

N/A