CVE-2011-1390 - OpenCVE

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Clearquest

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:rational_clearquest:7.1.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:ibm:rational_clearquest:8.0:::::::*
	cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:::::::*

No data.

References

Link	Providers
http://osvdb.org/81815
http://secunia.com/advisories/49093
http://www-01.ibm.com/support/docview.wss?uid=swg21594717
http://www.securityfocus.com/bid/53483
http://www.securitytracker.com/id?1027060
https://exchange.xforce.ibmcloud.com/vulnerabilities/71802

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-05-14T22:00:00

Updated: 2024-08-06T22:21:34.372Z

Reserved: 2011-03-10T00:00:00

Link: CVE-2011-1390

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-05-14T22:55:01.353

Modified: 2017-08-17T01:34:06.993

Link: CVE-2011-1390

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-10T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "81815", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/81815"}, {"name": "53483", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53483"}, {"name": "1027060", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027060"}, {"name": "49093", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49093"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"}, {"name": "rcq-maintenancetool-sql-injection(71802)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "81815", "refsource": "OSVDB", "url": "http://osvdb.org/81815"}, {"name": "53483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53483"}, {"name": "1027060", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027060"}, {"name": "49093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49093"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"}, {"name": "rcq-maintenancetool-sql-injection(71802)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:21:34.372Z"}, "title": "CVE Program Container", "references": [{"name": "81815", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/81815"}, {"name": "53483", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53483"}, {"name": "1027060", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027060"}, {"name": "49093", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49093"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"}, {"name": "rcq-maintenancetool-sql-injection(71802)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1390", "datePublished": "2012-05-14T22:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.372Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CB4AA1-354B-4EC4-8D70-F58654ABF9CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1766896-6D35-44CB-8512-AED3961CE224", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64BC2E3D-4B20-46FF-B2B5-551BEB347FCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "51B69987-F426-4D27-A721-067B978BEB78", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A482D76-5CEA-4BFC-9837-AC451DBD1ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en la herramienta de mantenimiento de IBM Rational ClearQuest v7.1.1.x anterior a v7.1.1.9, v7.1.2.6, v7.1.2.x y anterior a v8.x, v8.0.0.2 permite a atacantes remotos ejecutar comandos SQL mediante el aprovechamiento de una error en la funci\u00f3n de actualizaci\u00f3n por el usuario de base de datos."}], "id": "CVE-2011-1390", "lastModified": "2017-08-17T01:34:06.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-14T22:55:01.353", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/81815"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/49093"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53483"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1027060"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}