Vulnerability Details CVE-2008-1287
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/29280
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
- http://www.securityfocus.com/bid/28132
- http://www.securitytracker.com/id?1019566
- http://www.vupen.com/english/advisories/2008/0804/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41042
- http://secunia.com/advisories/29280
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
- http://www.securityfocus.com/bid/28132
- http://www.securitytracker.com/id?1019566
- http://www.vupen.com/english/advisories/2008/0804/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41042
Products affected by CVE-2008-1287
-
cpe:2.3:a:ibm:rational_clearquest:7.0.0.2
-
cpe:2.3:a:ibm:rational_clearquest:7.0.1.1