CVE-2012-4839 - Vulnerability Details - OpenCVE

The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Clearquest

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_clearquest:7.1.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:::::::*
	cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:rational_clearquest:8.0.0:::::::*
	cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:::::::*
	cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21620342
http://www.securitytracker.com/id?1027889
https://exchange.xforce.ibmcloud.com/vulnerabilities/79068

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2012-12-20T11:00:00

Updated: 2024-08-06T20:50:17.331Z

Reserved: 2012-09-06T00:00:00

Link: CVE-2012-4839

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-12-20T12:02:17.887

Modified: 2024-11-21T01:43:35.680

Link: CVE-2012-4839

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"}, {"name": "1027889", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027889"}, {"name": "rcq-iframes-xss(79068)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4839", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"}, {"name": "1027889", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027889"}, {"name": "rcq-iframes-xss(79068)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:50:17.331Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"}, {"name": "1027889", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027889"}, {"name": "rcq-iframes-xss(79068)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4839", "datePublished": "2012-12-20T11:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:17.331Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E59A6-FC13-43FD-BDED-01EA0462F81B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCF89A-FD9F-4460-8AE8-5FA9C607B1EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33437FA1-E122-43BB-B347-AACD9C9295D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D746F3-DCFD-427C-8157-8064A0452DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "33E40700-19C6-4CD7-9CE2-A3A7AC67B48A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element."}, {"lang": "es", "value": "La interfaz OSLC en el cliente Web (tambi\u00e9n conocido como CQ Web) en IBM Rational ClearQuest v7.1.2.x antes de v7.1.2.9 y v8.0.0.x antes de v8.0.0.5 permite a atacantes remotos para realizar ataques de phishing a trav\u00e9s de un elemento FRAME."}], "id": "CVE-2012-4839", "lastModified": "2024-11-21T01:43:35.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-12-20T12:02:17.887", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id?1027889"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79068"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}