CVE-2008-1287

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
ibmrational_clearquest
7.0.0.2
ibmrational_clearquest
7.0.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29280
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
http://www.securityfocus.com/bid/28132
http://www.securitytracker.com/id?1019566
http://www.vupen.com/english/advisories/2008/0804/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41042
http://secunia.com/advisories/29280
http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
http://www.securityfocus.com/bid/28132
http://www.securitytracker.com/id?1019566
http://www.vupen.com/english/advisories/2008/0804/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41042