CVE-2014-8925 | ByteOS Network

Vulnerability Details :

CVE-2014-8925

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-25 Mar, 2015 | 01:00

Updated At-06 Aug, 2024 | 13:33

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:ibm

Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522

Published At:25 Mar, 2015 | 01:00

Updated At:06 Aug, 2024 | 13:33

▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

Affected Products

Vendor

Product

Versions

Affected

n/a

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21699148	x_refsource_CONFIRM

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21699148

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21699148	x_refsource_CONFIRM x_transferred

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21699148

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

Source:psirt@us.ibm.com

Published At:25 Mar, 2015 | 01:59

Updated At:12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

IBM Corporation

>>rational_clearquest>>7.1

cpe:2.3:a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.0.1

cpe:2.3:a:ibm:rational_clearquest:7.1.0.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.0.2

cpe:2.3:a:ibm:rational_clearquest:7.1.0.2:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1

cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.1

cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.2

cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.3

cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.4

cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.5

cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.6

cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.7

cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.8

cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.1.9

cpe:2.3:a:ibm:rational_clearquest:7.1.1.9:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2

cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.1

cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.2

cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.3

cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.4

cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.5

cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.6

cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.7

cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.8

cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.9

cpe:2.3:a:ibm:rational_clearquest:7.1.2.9:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.10

cpe:2.3:a:ibm:rational_clearquest:7.1.2.10:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.11

cpe:2.3:a:ibm:rational_clearquest:7.1.2.11:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.12

cpe:2.3:a:ibm:rational_clearquest:7.1.2.12:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.13

cpe:2.3:a:ibm:rational_clearquest:7.1.2.13:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.14

cpe:2.3:a:ibm:rational_clearquest:7.1.2.14:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>7.1.2.15

cpe:2.3:a:ibm:rational_clearquest:7.1.2.15:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0

cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.1

cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.2

cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.3

cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.4

cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.5

cpe:2.3:a:ibm:rational_clearquest:8.0.0.5:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.6

cpe:2.3:a:ibm:rational_clearquest:8.0.0.6:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.7

cpe:2.3:a:ibm:rational_clearquest:8.0.0.7:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.8

cpe:2.3:a:ibm:rational_clearquest:8.0.0.8:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.9

cpe:2.3:a:ibm:rational_clearquest:8.0.0.9:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.10

cpe:2.3:a:ibm:rational_clearquest:8.0.0.10:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.11

cpe:2.3:a:ibm:rational_clearquest:8.0.0.11:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.0.12

cpe:2.3:a:ibm:rational_clearquest:8.0.0.12:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.1

cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.1.1

cpe:2.3:a:ibm:rational_clearquest:8.0.1.1:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.1.2

cpe:2.3:a:ibm:rational_clearquest:8.0.1.2:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.1.3

cpe:2.3:a:ibm:rational_clearquest:8.0.1.3:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.1.4

cpe:2.3:a:ibm:rational_clearquest:8.0.1.4:*:*:*:*:*:*:*

IBM Corporation

>>rational_clearquest>>8.0.1.5

cpe:2.3:a:ibm:rational_clearquest:8.0.1.5:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	nvd@nist.gov

CWE ID: CWE-352

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21699148	psirt@us.ibm.com	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21699148	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21699148

Source: psirt@us.ibm.com

Resource:

Patch

Vendor Advisory

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21699148

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory