Hewlett Packard · HP Mercury Quality Center · CVE-2007-1882
Name of the Vulnerable Software and Affected Versions:
HP Mercury Quality Center version 9.0 build 9.1.0.4352
Description:
The vulnerability allows remote authenticated users to execute arbitrary SQL commands through the `RunQuery` method of the `qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment` endpoint.
Recommendations:
For HP Mercury Quality Center version 9.0 build 9.1.0.4352, consider restricting access to the `qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment` endpoint to minimize the risk of exploitation. As a temporary workaround, limit the use of the `RunQuery` method until a patch is available.
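The two recommendations above, restricting who may reach the endpoint and watching use of `RunQuery`, can be checked against web server access logs. The following is an added example written for this page; it is not HP code and not part of the advisory. It assumes a combined-log-style line format with a trailing quoted request-body field, a `method=...` body parameter, and an allowlist of source addresses; all of these, and the sample log lines, are constructed for the example.

```python
"""Access-log check for the Quality Center TDAPI_GeneralWebTreatment endpoint.

Flags requests to the endpoint that invoke RunQuery from a source address
outside an allowlist, and counts RunQuery calls per user. Log format,
allowlist and body field are assumptions of this example.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Endpoint named in the advisory (servlet path, compared case-insensitively).
ENDPOINT_PATH = "/qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment"

# Hypothetical allowlist of hosts permitted to reach the endpoint (assumption).
ALLOWED_SOURCES = {"10.0.0.5", "10.0.0.6"}

# Assumed line format: combined log plus a trailing quoted request body.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<body>[^"]*)"$'
)

# Constructed sample log lines; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2007:10:01:02 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 512 "method=RunQuery"
198.51.100.7 - bob [12/Mar/2007:10:01:05 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 640 "method=RunQuery"
198.51.100.7 - bob [12/Mar/2007:10:01:09 +0000] "GET /qcbin/start_a.htm HTTP/1.1" 200 2048 ""
10.0.0.6 - carol [12/Mar/2007:10:02:00 +0000] "POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1" 200 300 "method=GetTests"
"""


class Hit(NamedTuple):
    src: str
    user: str
    run_query: bool   # request body names the RunQuery method
    permitted: bool   # source address is on the allowlist


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_endpoint(path: str) -> bool:
    """True when the request path (query string ignored) is the advisory endpoint."""
    bare = path.split("?", 1)[0].rstrip("/")
    return bare.lower() == ENDPOINT_PATH.lower()


def scan(lines) -> List[Hit]:
    """Collect every request to the endpoint with RunQuery and allowlist status."""
    hits: List[Hit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_endpoint(rec["path"]):
            continue
        hits.append(Hit(
            src=rec["src"],
            user=rec["user"],
            run_query="runquery" in rec["body"].lower(),
            permitted=rec["src"] in ALLOWED_SOURCES,
        ))
    return hits


def violations(hits: List[Hit]) -> List[Hit]:
    """RunQuery calls from sources that the restriction policy does not permit."""
    return [h for h in hits if h.run_query and not h.permitted]


def run_query_counts(hits: List[Hit]) -> Counter:
    """Number of RunQuery calls per user, for spotting unusual volume."""
    return Counter(h.user for h in hits if h.run_query)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for v in violations(found):
        print(f"RunQuery from non-allowlisted source {v.src} by user {v.user}")
    print("RunQuery calls per user:", dict(run_query_counts(found)))
```

Run against a real log, the script needs only `LOG_RE` adjusted to the server's actual format and `ALLOWED_SOURCES` set to the hosts that legitimately use the endpoint; everything else is driven by the endpoint path from the advisory.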