CVE-2008-1287

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29280	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561	Patch
http://www.securityfocus.com/bid/28132	Patch
http://www.securitytracker.com/id?1019566
http://www.vupen.com/english/advisories/2008/0804/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41042

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:::::::*

History

No history.

Information

Published : 2008-03-11 17:44

Updated : 2023-12-10 10:40

NVD link : CVE-2008-1287

Mitre link : CVE-2008-1287

CVE.ORG link : CVE-2008-1287

JSON object : View

Products Affected

ibm

rational_clearquest

CWE

CWE-16

Configuration

{"id": "CVE-2008-1287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-11T17:44:00.000", "references": [{"url": "http://secunia.com/advisories/29280", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28132", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019566", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0804/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41042", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames."}, {"lang": "es", "value": "IBM Rational ClearQuest versiones 7.0.1.1.1 y 7.0.0.0.2, genera diferentes mensajes de error dependiendo de si el nombre de usuario es v\u00e1lido o no v\u00e1lido, lo que permite a los atacantes remotos enumerar los nombres de usuario."}], "lastModified": "2017-08-08T01:30:02.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "676DB969-3FF3-4EFA-8B50-9753BAC80EE6"}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}