Vulnerability-Lookup

CVE-2011-1390 (GCVE-0-2011-1390)

Vulnerability from cvelistv5 – Published: 2012-05-14 22:00 – Updated: 2024-08-06 22:21

Summary

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/81815	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/53483	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1027060	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/49093	third-party-advisoryx_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:34.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "81815",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81815"
          },
          {
            "name": "53483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53483"
          },
          {
            "name": "1027060",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027060"
          },
          {
            "name": "49093",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49093"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
          },
          {
            "name": "rcq-maintenancetool-sql-injection(71802)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "81815",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81815"
        },
        {
          "name": "53483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53483"
        },
        {
          "name": "1027060",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027060"
        },
        {
          "name": "49093",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49093"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
        },
        {
          "name": "rcq-maintenancetool-sql-injection(71802)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1390",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "81815",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/81815"
            },
            {
              "name": "53483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53483"
            },
            {
              "name": "1027060",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027060"
            },
            {
              "name": "49093",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49093"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
            },
            {
              "name": "rcq-maintenancetool-sql-injection(71802)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1390",
    "datePublished": "2012-05-14T22:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:21:34.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1390\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-05-14T22:55:01.353\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n SQL en la herramienta de mantenimiento de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.9, v7.1.2.6, v7.1.2.x y anterior a v8.x, v8.0.0.2 permite a atacantes remotos ejecutar comandos SQL mediante el aprovechamiento de una error en la funci\u00f3n de actualizaci\u00f3n por el usuario de base de datos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F74EBAA-8A68-4F20-B14D-D1A77D57BC38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10A1A052-179D-411F-A214-EF2AF7E5F0F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"230908F8-95CB-4273-BA32-0987145E5FDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57CB4AA1-354B-4EC4-8D70-F58654ABF9CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1766896-6D35-44CB-8512-AED3961CE224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64BC2E3D-4B20-46FF-B2B5-551BEB347FCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51B69987-F426-4D27-A721-067B978BEB78\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0201EFB5-9673-4C78-938A-C7BF769F5553\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1C1C0A-B403-44C5-B7BD-BC9466CB2848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A7179A-2421-454C-8A58-EFB1BB7150BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEA9B29-2A30-46D1-B778-CE7822CEA972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"941C4C5A-DD11-436B-86D4-BC564E9C6B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E538615-12E6-4CDF-8B32-A66CD35D98AE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A482D76-5CEA-4BFC-9837-AC451DBD1ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A51113A6-1744-47E6-8245-C0E33D39C789\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/81815\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/49093\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21594717\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/53483\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1027060\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/71802\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/81815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21594717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/53483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/71802\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-75W9-F53W-7VH5

Vulnerability from github – Published: 2022-05-17 02:00 – Updated: 2022-05-17 02:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-14T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.",
  "id": "GHSA-75w9-f53w-7vh5",
  "modified": "2022-05-17T02:00:43Z",
  "published": "2022-05-17T02:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1390"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/81815"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49093"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53483"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027060"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-1390

Vulnerability from fkie_nvd - Published: 2012-05-14 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/81815
cve@mitre.org	http://secunia.com/advisories/49093
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg21594717	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/53483
cve@mitre.org	http://www.securitytracker.com/id?1027060
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/71802
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/81815
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49093
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21594717	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53483
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027060
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/71802

Impacted products

Vendor	Product	Version
ibm	rational_clearquest	7.1.1.1
ibm	rational_clearquest	7.1.1.2
ibm	rational_clearquest	7.1.1.3
ibm	rational_clearquest	7.1.1.4
ibm	rational_clearquest	7.1.1.5
ibm	rational_clearquest	7.1.1.6
ibm	rational_clearquest	7.1.1.7
ibm	rational_clearquest	7.1.1.8
ibm	rational_clearquest	7.1.2
ibm	rational_clearquest	7.1.2.1
ibm	rational_clearquest	7.1.2.2
ibm	rational_clearquest	7.1.2.3
ibm	rational_clearquest	7.1.2.4
ibm	rational_clearquest	7.1.2.5
ibm	rational_clearquest	8.0
ibm	rational_clearquest	8.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en la herramienta de mantenimiento de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.9, v7.1.2.6, v7.1.2.x y anterior a v8.x, v8.0.0.2 permite a atacantes remotos ejecutar comandos SQL mediante el aprovechamiento de una error en la funci\u00f3n de actualizaci\u00f3n por el usuario de base de datos."
    }
  ],
  "id": "CVE-2011-1390",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-14T22:55:01.353",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/81815"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/49093"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53483"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1027060"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/81815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1390

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1390

Aliases

CVE-2011-1390

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1390",
    "description": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.",
    "id": "GSD-2011-1390"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1390"
      ],
      "details": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.",
      "id": "GSD-2011-1390",
      "modified": "2023-12-13T01:19:07.943606Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1390",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "81815",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/81815"
          },
          {
            "name": "53483",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53483"
          },
          {
            "name": "1027060",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027060"
          },
          {
            "name": "49093",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49093"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
          },
          {
            "name": "rcq-maintenancetool-sql-injection(71802)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1390"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
            },
            {
              "name": "53483",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53483"
            },
            {
              "name": "49093",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49093"
            },
            {
              "name": "81815",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/81815"
            },
            {
              "name": "1027060",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027060"
            },
            {
              "name": "rcq-maintenancetool-sql-injection(71802)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:34Z",
      "publishedDate": "2012-05-14T22:55Z"
    }
  }
}

CERTA-2012-AVI-276

Vulnerability from certfr_avis - Published: 2012-05-14 - Updated: 2012-05-14

Une vulnérabilité a été corrigée dans IBM Rational ClearQuest. Elle concerne une injection SQL lors de la mise à jour de la base de données utilisateur. Pour exploiter cette vulnérabilité un attaquant devra avoir accès aux outils de maintenance de ClearQuest.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	versions antérieures à ClearQuest 8.0.0.2.
IBM	N/A	Versions antérieures à ClearQuest 7.1.1.9 ;
IBM	N/A	versions antérieures à ClearQuest 7.1.2.6 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1390 (GCVE-0-2011-1390)

GHSA-75W9-F53W-7VH5

FKIE_CVE-2011-1390

GSD-2011-1390

CERTA-2012-AVI-276

Solution

Tags

Sightings

Nomenclature