CVE-2011-1390
Last modified
CVE-2011-1390 is a vulnerability of currently unknown severity. SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.. EPSS estimates a 2.06% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Clearquest | 7.1.1.1 |
| Ibm | Rational Clearquest | 7.1.1.2 |
| Ibm | Rational Clearquest | 7.1.1.3 |
| Ibm | Rational Clearquest | 7.1.1.4 |
| Ibm | Rational Clearquest | 7.1.1.5 |
| Ibm | Rational Clearquest | 7.1.1.6 |
| Ibm | Rational Clearquest | 7.1.1.7 |
| Ibm | Rational Clearquest | 7.1.1.8 |
| Ibm | Rational Clearquest | 7.1.2 |
| Ibm | Rational Clearquest | 7.1.2.1 |
| Ibm | Rational Clearquest | 7.1.2.2 |
| Ibm | Rational Clearquest | 7.1.2.3 |
| Ibm | Rational Clearquest | 7.1.2.4 |
| Ibm | Rational Clearquest | 7.1.2.5 |
| Ibm | Rational Clearquest | 8.0 |
| Ibm | Rational Clearquest | 8.0.0.1 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21594717Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21594717Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-1390?
How severe is CVE-2011-1390?
How do I fix CVE-2011-1390?
Are you affected by CVE-2011-1390?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST