CVE-2008-5327

EUVD-2008-5304
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
ibmrational_clearquest
7.0
ibmrational_clearquest
7.0.0.0
ibmrational_clearquest
7.0.0.1
ibmrational_clearquest
7.0.0.2
ibmrational_clearquest
7.0.0.3
ibmrational_clearquest
7.0.1
ibmrational_clearquest
7.0.1.1
ibmrational_clearquest
7.0.1.2
ibmrational_clearquest
7.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32847
http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908
https://exchange.xforce.ibmcloud.com/vulnerabilities/46995
http://secunia.com/advisories/32847
http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908
https://exchange.xforce.ibmcloud.com/vulnerabilities/46995