CVE-2012-0744

Name of the Vulnerable Software and Affected Versions IBM Rational ClearQuest versions 7.1.x through 7.1.2.7 IBM Rational ClearQuest versions 8.x through 8.0.0.3

Description The issue allows remote attackers to obtain potentially sensitive information via a request to various endpoints, including "snoop", "hello", "ivt/", "hitcount", "HitCount.jsp", "HelloHTMLError.jsp", "HelloHTML.jsp", "HelloVXMLError.jsp", "HelloVXML.jsp", "HelloWMLError.jsp", "HelloWML.jsp", or "cqweb/j security check" sample script.

Recommendations For IBM Rational ClearQuest versions 7.1.x through 7.1.2.7, update to a version outside of this range to resolve the issue. For IBM Rational ClearQuest versions 8.x through 8.0.0.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the mentioned endpoints to minimize the risk of exploitation.