Rel1K

**Name of the Vulnerable Software and Affected Versions** IBM Rational ClearQuest (CQ) Web versions 7.0.0.0-IFIX02 through 7.0.0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in a "GenerateMainFrame" command, specifically targeting the "/main" endpoint. **Recommendations** For versions 7.0.0.0-IFIX02 through 7.0.0.1, avoid using the `username` parameter in the affected API endpoint until the issue is resolved. Restrict access to the "/main" endpoint to minimize the risk of exploitation.