CVE-2009-4357

Published: Dec 18, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Affected (24)

Products: Ibm: Rational Clearcase, Rational Clearquest

Ibm

2 products

Rational Clearcase

Rational Clearquest

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Clearcase	Up to 7.1
Ibm Rational Clearcase	Version 7.0.0.1
Ibm Rational Clearcase	Version 7.0.0.2
Ibm Rational Clearcase	Version 7.0.0.4
Ibm Rational Clearcase	Version 7.0.1.1
Ibm Rational Clearcase	Version 7.0.1.3
Ibm Rational Clearquest	Version 2007
Ibm Rational Clearquest	Version 2008
Ibm Rational Clearquest	Version 5.00
Ibm Rational Clearquest	Version 5.20
Ibm Rational Clearquest	Version 6.00
Ibm Rational Clearquest	Version 6.10
Ibm Rational Clearquest	Version 6.12
Ibm Rational Clearquest	Version 6.13
Ibm Rational Clearquest	Version 6.14
Ibm Rational Clearquest	Version 6.15
Ibm Rational Clearquest	Version 6.16
Ibm Rational Clearquest	Version 7.0.0.1
Ibm Rational Clearquest	Version 7.0.1.0
Ibm Rational Clearquest	Version 7.0.1.1
Ibm Rational Clearquest	Version 7.0.1.3
Ibm Rational Clearquest	Version 7.0.1
Ibm Rational Clearquest	Version 7.0.2
Ibm Rational Clearquest	Version 7.0